diff --git a/1999/0xxx/CVE-1999-0115.json b/1999/0xxx/CVE-1999-0115.json index 649141a0562..7d54a3af99c 100644 --- a/1999/0xxx/CVE-1999-0115.json +++ b/1999/0xxx/CVE-1999-0115.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AIX bugfiler program allows local users to gain root access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AIX bugfiler program allows local users to gain root access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1800" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0131.json b/1999/0xxx/CVE-1999-0131.json index 9bb855b6165..475fa9377d3 100644 --- a/1999/0xxx/CVE-1999-0131.json +++ b/1999/0xxx/CVE-1999-0131.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/717" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1203.json b/1999/1xxx/CVE-1999-1203.json index e54cbfdddfa..fe65a3ac6b5 100644 --- a/1999/1xxx/CVE-1999-1203.json +++ b/1999/1xxx/CVE-1999-1203.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990210 Security problems in ISDN equipment authentication", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91868964203769&w=2" - }, - { - "name" : "19990212 PPP/ISDN multilink security issue - summary", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91888117502765&w=2" - }, - { - "name" : "ascend-ppp-isdn-dos(7498)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7498.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990210 Security problems in ISDN equipment authentication", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91868964203769&w=2" + }, + { + "name": "ascend-ppp-isdn-dos(7498)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7498.php" + }, + { + "name": "19990212 PPP/ISDN multilink security issue - summary", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91888117502765&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1320.json b/1999/1xxx/CVE-1999-1320.json index b93deadf186..74d55173668 100644 --- a/1999/1xxx/CVE-1999-1320.json +++ b/1999/1xxx/CVE-1999-1320.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "D-01", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/d-01.shtml" - }, - { - "name" : "netware-packet-spoofing-privileges(7213)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7213.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netware-packet-spoofing-privileges(7213)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7213.php" + }, + { + "name": "D-01", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/d-01.shtml" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1338.json b/1999/1xxx/CVE-1999-1338.json index 5974aac14b2..9da6141220b 100644 --- a/1999/1xxx/CVE-1999-1338.json +++ b/1999/1xxx/CVE-1999-1338.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990721 Delegate creates directories writable for anyone", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93259112204664&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990721 Delegate creates directories writable for anyone", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93259112204664&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1426.json b/1999/1xxx/CVE-1999-1426.json index 595f672157b..54d13dec055 100644 --- a/1999/1xxx/CVE-1999-1426.json +++ b/1999/1xxx/CVE-1999-1426.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00145", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145" - }, - { - "name" : "208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/208" + }, + { + "name": "00145", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1428.json b/1999/1xxx/CVE-1999-1428.json index 590ef999f31..635bf192402 100644 --- a/1999/1xxx/CVE-1999-1428.json +++ b/1999/1xxx/CVE-1999-1428.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00145", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145" - }, - { - "name" : "208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/208" + }, + { + "name": "00145", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0156.json b/2000/0xxx/CVE-2000-0156.json index c2a8a06dde5..a2401ed3589 100644 --- a/2000/0xxx/CVE-2000-0156.json +++ b/2000/0xxx/CVE-2000-0156.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the \"Image Source Redirect\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-009" - }, - { - "name" : "7827", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7827" - }, - { - "name" : "ie-image-source-redirect(3996)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the \"Image Source Redirect\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-image-source-redirect(3996)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3996" + }, + { + "name": "7827", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7827" + }, + { + "name": "MS00-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-009" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0221.json b/2000/0xxx/CVE-2000-0221.json index 05928ebfd4f..c5c227f7a32 100644 --- a/2000/0xxx/CVE-2000-0221.json +++ b/2000/0xxx/CVE-2000-0221.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1009" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0222.json b/2000/0xxx/CVE-2000-0222.json index 856325d6fa3..5cd4a6a3a1d 100644 --- a/2000/0xxx/CVE-2000-0222.json +++ b/2000/0xxx/CVE-2000-0222.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000215 Windows 2000 installation process weakness", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr" - }, - { - "name" : "990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/990" + }, + { + "name": "20000215 Windows 2000 installation process weakness", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0254.json b/2000/0xxx/CVE-2000-0254.json index abcc9fd6443..0f2d1717ee9 100644 --- a/2000/0xxx/CVE-2000-0254.json +++ b/2000/0xxx/CVE-2000-0254.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1115" - }, - { - "name" : "dansie-form-variables(4954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1115" + }, + { + "name": "dansie-form-variables(4954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4954" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0319.json b/2000/0xxx/CVE-2000-0319.json index 7d570108a7c..d703c9e7bc9 100644 --- a/2000/0xxx/CVE-2000-0319.json +++ b/2000/0xxx/CVE-2000-0319.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mail.local in Sendmail 8.10.x does not properly identify the .\\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\\n." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000424 unsafe fgets() in sendmail's mail.local", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU" - }, - { - "name" : "1146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mail.local in Sendmail 8.10.x does not properly identify the .\\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\\n." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1146" + }, + { + "name": "20000424 unsafe fgets() in sendmail's mail.local", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0379.json b/2000/0xxx/CVE-2000-0379.json index 5fd5e1aa502..7f0ebcde03a 100644 --- a/2000/0xxx/CVE-2000-0379.json +++ b/2000/0xxx/CVE-2000-0379.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000507 Advisory: Netopia R9100 router vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com" - }, - { - "name" : "http://www.netopia.com/equipment/purchase/fmw_update.html", - "refsource" : "CONFIRM", - "url" : "http://www.netopia.com/equipment/purchase/fmw_update.html" - }, - { - "name" : "1177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1177" + }, + { + "name": "http://www.netopia.com/equipment/purchase/fmw_update.html", + "refsource": "CONFIRM", + "url": "http://www.netopia.com/equipment/purchase/fmw_update.html" + }, + { + "name": "20000507 Advisory: Netopia R9100 router vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0862.json b/2000/0xxx/CVE-2000-0862.json index 89a485c2109..fed06ac15fe 100644 --- a/2000/0xxx/CVE-2000-0862.json +++ b/2000/0xxx/CVE-2000-0862.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ASB00-23", - "refsource" : "ALLAIRE", - "url" : "http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html" - }, - { - "name" : "allaire-spectra-admin-access(5466)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ASB00-23", + "refsource": "ALLAIRE", + "url": "http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html" + }, + { + "name": "allaire-spectra-admin-access(5466)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5466" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0980.json b/2000/0xxx/CVE-2000-0980.json index 4b8e7aa29be..17f3b10e569 100644 --- a/2000/0xxx/CVE-2000-0980.json +++ b/2000/0xxx/CVE-2000-0980.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-073", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-073" - }, - { - "name" : "1781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1781" - }, - { - "name" : "win-nmpi-packet-dos(5357)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win-nmpi-packet-dos(5357)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5357" + }, + { + "name": "MS00-073", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-073" + }, + { + "name": "1781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1781" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1104.json b/2000/1xxx/CVE-2000-1104.json index 7c2ad9398a9..8f33c8c3334 100644 --- a/2000/1xxx/CVE-2000-1104.json +++ b/2000/1xxx/CVE-2000-1104.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Variant of the \"IIS Cross-Site Scripting\" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-060", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Variant of the \"IIS Cross-Site Scripting\" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS00-060", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2510.json b/2005/2xxx/CVE-2005-2510.json index 39e7e5e1e51..88a370323fa 100644 --- a/2005/2xxx/CVE-2005-2510.json +++ b/2005/2xxx/CVE-2005-2510.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "1014708", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014708", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014708" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2621.json b/2005/2xxx/CVE-2005-2621.json index 3e56692b619..cc13f964da0 100644 --- a/2005/2xxx/CVE-2005-2621.json +++ b/2005/2xxx/CVE-2005-2621.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a \"'\" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050815 [NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112421209919985&w=2" - }, - { - "name" : "1014734", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014734" - }, - { - "name" : "16459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a \"'\" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050815 [NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112421209919985&w=2" + }, + { + "name": "1014734", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014734" + }, + { + "name": "16459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16459" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2664.json b/2005/2xxx/CVE-2005-2664.json index 32964caa720..e85d894f00a 100644 --- a/2005/2xxx/CVE-2005-2664.json +++ b/2005/2xxx/CVE-2005-2664.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050818 Password Disclosure in Whisper32", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112438834310990&w=2" - }, - { - "name" : "http://antilamo.skifstone.com/vuln/whisper32.txt", - "refsource" : "MISC", - "url" : "http://antilamo.skifstone.com/vuln/whisper32.txt" - }, - { - "name" : "14600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14600" - }, - { - "name" : "1014730", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014730", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014730" + }, + { + "name": "http://antilamo.skifstone.com/vuln/whisper32.txt", + "refsource": "MISC", + "url": "http://antilamo.skifstone.com/vuln/whisper32.txt" + }, + { + "name": "20050818 Password Disclosure in Whisper32", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112438834310990&w=2" + }, + { + "name": "14600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14600" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2757.json b/2005/2xxx/CVE-2005-2757.json index 55a9510baea..fbf584773bf 100644 --- a/2005/2xxx/CVE-2005-2757.json +++ b/2005/2xxx/CVE-2005-2757.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving \"validation of URLs.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-11-29", - "refsource" : "APPLE", - "url" : "http://docs.info.apple.com/article.html?artnum=302847" - }, - { - "name" : "15647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15647" - }, - { - "name" : "ADV-2005-2659", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2659" - }, - { - "name" : "21271", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21271" - }, - { - "name" : "1015285", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015285" - }, - { - "name" : "17813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17813" - }, - { - "name" : "macos-corefoundation-url-bo(23329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving \"validation of URLs.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17813" + }, + { + "name": "ADV-2005-2659", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2659" + }, + { + "name": "1015285", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015285" + }, + { + "name": "APPLE-SA-2005-11-29", + "refsource": "APPLE", + "url": "http://docs.info.apple.com/article.html?artnum=302847" + }, + { + "name": "21271", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21271" + }, + { + "name": "macos-corefoundation-url-bo(23329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23329" + }, + { + "name": "15647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15647" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5281.json b/2007/5xxx/CVE-2007-5281.json index 8d2b6aa8571..0dff24f2773 100644 --- a/2007/5xxx/CVE-2007-5281.json +++ b/2007/5xxx/CVE-2007-5281.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-031_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-031_e/index-e.html" - }, - { - "name" : "25935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25935" - }, - { - "name" : "ADV-2007-3375", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3375" - }, - { - "name" : "27075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27075" - }, - { - "name" : "hitachi-cosminexus-jsse-dos(36965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25935" + }, + { + "name": "ADV-2007-3375", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3375" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-031_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-031_e/index-e.html" + }, + { + "name": "hitachi-cosminexus-jsse-dos(36965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36965" + }, + { + "name": "27075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27075" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5705.json b/2007/5xxx/CVE-2007-5705.json index d48ed07cb57..eebe03ecf10 100644 --- a/2007/5xxx/CVE-2007-5705.json +++ b/2007/5xxx/CVE-2007-5705.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27345", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27345" - }, - { - "name" : "jeebles-settings-code-execution(37379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jeebles-settings-code-execution(37379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37379" + }, + { + "name": "27345", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27345" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5893.json b/2007/5xxx/CVE-2007-5893.json index 83d5cbe4895..5e38c238dfd 100644 --- a/2007/5xxx/CVE-2007-5893.json +++ b/2007/5xxx/CVE-2007-5893.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.alhem.net/Sockets/Changelog", - "refsource" : "CONFIRM", - "url" : "http://www.alhem.net/Sockets/Changelog" - }, - { - "name" : "26361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26361" - }, - { - "name" : "42105", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42105" - }, - { - "name" : "27535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27535" - }, - { - "name" : "csockets-httpsocket-dos(38309)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26361" + }, + { + "name": "http://www.alhem.net/Sockets/Changelog", + "refsource": "CONFIRM", + "url": "http://www.alhem.net/Sockets/Changelog" + }, + { + "name": "42105", + "refsource": "OSVDB", + "url": "http://osvdb.org/42105" + }, + { + "name": "csockets-httpsocket-dos(38309)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38309" + }, + { + "name": "27535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27535" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2188.json b/2009/2xxx/CVE-2009-2188.json index 87313e0abae..e9968195de9 100644 --- a/2009/2xxx/CVE-2009-2188.json +++ b/2009/2xxx/CVE-2009-2188.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3757", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3757" - }, - { - "name" : "http://support.apple.com/kb/HT3733", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3733" - }, - { - "name" : "APPLE-SA-2009-08-05-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2009-08-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html" - }, - { - "name" : "TA09-218A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" - }, - { - "name" : "35954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35954" - }, - { - "name" : "56842", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56842" - }, - { - "name" : "1022674", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022674" - }, - { - "name" : "36096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36096" - }, - { - "name" : "ADV-2009-2172", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2172" - }, - { - "name" : "safari-exif-bo(52386)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3757", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3757" + }, + { + "name": "56842", + "refsource": "OSVDB", + "url": "http://osvdb.org/56842" + }, + { + "name": "APPLE-SA-2009-08-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html" + }, + { + "name": "36096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36096" + }, + { + "name": "APPLE-SA-2009-08-05-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" + }, + { + "name": "1022674", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022674" + }, + { + "name": "35954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35954" + }, + { + "name": "safari-exif-bo(52386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52386" + }, + { + "name": "ADV-2009-2172", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2172" + }, + { + "name": "TA09-218A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" + }, + { + "name": "http://support.apple.com/kb/HT3733", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3733" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2264.json b/2009/2xxx/CVE-2009-2264.json index 333c55e7a13..b985e0323ba 100644 --- a/2009/2xxx/CVE-2009-2264.json +++ b/2009/2xxx/CVE-2009-2264.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2264", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2264", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2575.json b/2009/2xxx/CVE-2009-2575.json index edacb5ca648..91d18f17203 100644 --- a/2009/2xxx/CVE-2009-2575.json +++ b/2009/2xxx/CVE-2009-2575.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Research In Motion (RIM) BlackBerry 8800 allows remote attackers to cause a denial of service (memory consumption and browser crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090721 Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069772.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Research In Motion (RIM) BlackBerry 8800 allows remote attackers to cause a denial of service (memory consumption and browser crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090721 Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069772.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2768.json b/2009/2xxx/CVE-2009-2768.json index 85e7838d8f7..ab0f3883d8f 100644 --- a/2009/2xxx/CVE-2009-2768.json +++ b/2009/2xxx/CVE-2009-2768.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an \"uninitialized cred pointer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20090622 Fix for shared flat binary format in 2.6.30", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2009/6/22/91" - }, - { - "name" : "[oss-security] 20090813 CVE request: kernel: flat: fix uninitialized ptr with shared libs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/13/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3440625d78711bee41a84cf29c3d8c579b522666", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3440625d78711bee41a84cf29c3d8c579b522666" - }, - { - "name" : "http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905", - "refsource" : "CONFIRM", - "url" : "http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5" - }, - { - "name" : "MDVSA-2011:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" - }, - { - "name" : "36037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36037" - }, - { - "name" : "36278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36278" - }, - { - "name" : "kernel-loadflatsharedlibrary-dos(52909)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an \"uninitialized cred pointer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36278" + }, + { + "name": "[oss-security] 20090813 CVE request: kernel: flat: fix uninitialized ptr with shared libs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/13/1" + }, + { + "name": "[linux-kernel] 20090622 Fix for shared flat binary format in 2.6.30", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2009/6/22/91" + }, + { + "name": "kernel-loadflatsharedlibrary-dos(52909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52909" + }, + { + "name": "MDVSA-2011:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" + }, + { + "name": "http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905", + "refsource": "CONFIRM", + "url": "http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905" + }, + { + "name": "36037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36037" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3440625d78711bee41a84cf29c3d8c579b522666", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3440625d78711bee41a84cf29c3d8c579b522666" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2893.json b/2009/2xxx/CVE-2009-2893.json index 6f1e6299283..a5c63d83b3f 100644 --- a/2009/2xxx/CVE-2009-2893.json +++ b/2009/2xxx/CVE-2009-2893.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/xzero-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/xzero-xss.txt" - }, - { - "name" : "35809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35809" - }, - { - "name" : "35996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35996" - }, - { - "name" : "ADV-2009-2010", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35809" + }, + { + "name": "ADV-2009-2010", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2010" + }, + { + "name": "35996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35996" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/xzero-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/xzero-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0022.json b/2015/0xxx/CVE-2015-0022.json index 9eb81865661..ce0a4c7aa32 100644 --- a/2015/0xxx/CVE-2015-0022.json +++ b/2015/0xxx/CVE-2015-0022.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72437" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "72437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72437" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0087.json b/2015/0xxx/CVE-2015-0087.json index f07f78c77d9..1be221b4691 100644 --- a/2015/0xxx/CVE-2015-0087.json +++ b/2015/0xxx/CVE-2015-0087.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka \"Adobe Font Driver Information Disclosure Vulnerability,\" a different vulnerability than CVE-2015-0089." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021" - }, - { - "name" : "72893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72893" - }, - { - "name" : "1031889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka \"Adobe Font Driver Information Disclosure Vulnerability,\" a different vulnerability than CVE-2015-0089." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021" + }, + { + "name": "1031889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031889" + }, + { + "name": "72893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72893" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0113.json b/2015/0xxx/CVE-2015-0113.json index e5a267dd344..7131ecafbcd 100644 --- a/2015/0xxx/CVE-2015-0113.json +++ b/2015/0xxx/CVE-2015-0113.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21882770", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21882770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21882770", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882770" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0878.json b/2015/0xxx/CVE-2015-0878.json index a1619567c2f..a5abf612453 100644 --- a/2015/0xxx/CVE-2015-0878.json +++ b/2015/0xxx/CVE-2015-0878.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-0878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.almail.com/vulnerability.html", - "refsource" : "CONFIRM", - "url" : "http://www.almail.com/vulnerability.html" - }, - { - "name" : "JVN#77294617", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN77294617/index.html" - }, - { - "name" : "JVNDB-2015-000020", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#77294617", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN77294617/index.html" + }, + { + "name": "http://www.almail.com/vulnerability.html", + "refsource": "CONFIRM", + "url": "http://www.almail.com/vulnerability.html" + }, + { + "name": "JVNDB-2015-000020", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000020" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3083.json b/2015/3xxx/CVE-2015-3083.json index 62f363b1808..57e380931b2 100644 --- a/2015/3xxx/CVE-2015-3083.json +++ b/2015/3xxx/CVE-2015-3083.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37841", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37841/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html" - }, - { - "name" : "GLSA-201505-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201505-02" - }, - { - "name" : "RHSA-2015:1005", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1005.html" - }, - { - "name" : "SUSE-SU-2015:0878", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0890", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0914", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html" - }, - { - "name" : "74610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74610" - }, - { - "name" : "1032285", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74610" + }, + { + "name": "1032285", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032285" + }, + { + "name": "SUSE-SU-2015:0878", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html" + }, + { + "name": "openSUSE-SU-2015:0890", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html" + }, + { + "name": "GLSA-201505-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201505-02" + }, + { + "name": "openSUSE-SU-2015:0914", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html" + }, + { + "name": "37841", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37841/" + }, + { + "name": "RHSA-2015:1005", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1005.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3272.json b/2015/3xxx/CVE-2015-3272.json index e9768106634..aa53b177bda 100644 --- a/2015/3xxx/CVE-2015-3272.json +++ b/2015/3xxx/CVE-2015-3272.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150713 moodle security announcements", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/07/13/2" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=316662", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=316662" - }, - { - "name" : "1032877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=316662", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=316662" + }, + { + "name": "[oss-security] 20150713 moodle security announcements", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/07/13/2" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688" + }, + { + "name": "1032877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032877" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3791.json b/2015/3xxx/CVE-2015-3791.json index b38abb82e35..e77976fee38 100644 --- a/2015/3xxx/CVE-2015-3791.json +++ b/2015/3xxx/CVE-2015-3791.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "https://support.apple.com/HT205046", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205046" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-08-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html" - }, - { - "name" : "76340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76340" - }, - { - "name" : "1033276", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205046", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205046" + }, + { + "name": "76340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76340" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "APPLE-SA-2015-08-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "1033276", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033276" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4290.json b/2015/4xxx/CVE-2015-4290.json index f1cbc33ad7c..0a3b914bae7 100644 --- a/2015/4xxx/CVE-2015-4290.json +++ b/2015/4xxx/CVE-2015-4290.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150728 Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40176" - }, - { - "name" : "1033113", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033113", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033113" + }, + { + "name": "20150728 Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40176" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4628.json b/2015/4xxx/CVE-2015-4628.json index a2d4787640f..a0b5ce793d4 100644 --- a/2015/4xxx/CVE-2015-4628.json +++ b/2015/4xxx/CVE-2015-4628.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-4628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.limesurvey.org/view.php?id=9694", - "refsource" : "CONFIRM", - "url" : "https://bugs.limesurvey.org/view.php?id=9694" - }, - { - "name" : "https://github.com/LimeSurvey/LimeSurvey/commit/b09edc0dbd18d8459ade4c7c941e562c16564f9e", - "refsource" : "CONFIRM", - "url" : "https://github.com/LimeSurvey/LimeSurvey/commit/b09edc0dbd18d8459ade4c7c941e562c16564f9e" - }, - { - "name" : "https://github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f645e318548", - "refsource" : "CONFIRM", - "url" : "https://github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f645e318548" - }, - { - "name" : "https://github.com/LimeSurvey/LimeSurvey/pull/331", - "refsource" : "CONFIRM", - "url" : "https://github.com/LimeSurvey/LimeSurvey/pull/331" - }, - { - "name" : "75301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f645e318548", + "refsource": "CONFIRM", + "url": "https://github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f645e318548" + }, + { + "name": "75301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75301" + }, + { + "name": "https://github.com/LimeSurvey/LimeSurvey/pull/331", + "refsource": "CONFIRM", + "url": "https://github.com/LimeSurvey/LimeSurvey/pull/331" + }, + { + "name": "https://bugs.limesurvey.org/view.php?id=9694", + "refsource": "CONFIRM", + "url": "https://bugs.limesurvey.org/view.php?id=9694" + }, + { + "name": "https://github.com/LimeSurvey/LimeSurvey/commit/b09edc0dbd18d8459ade4c7c941e562c16564f9e", + "refsource": "CONFIRM", + "url": "https://github.com/LimeSurvey/LimeSurvey/commit/b09edc0dbd18d8459ade4c7c941e562c16564f9e" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4913.json b/2015/4xxx/CVE-2015-4913.json index 631ae5a2892..b3caf4d25f5 100644 --- a/2015/4xxx/CVE-2015-4913.json +++ b/2015/4xxx/CVE-2015-4913.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3385", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3385" - }, - { - "name" : "DSA-3377", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3377" - }, - { - "name" : "FEDORA-2016-e30164d0a2", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html" - }, - { - "name" : "RHSA-2016:0534", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0534.html" - }, - { - "name" : "RHSA-2016:0705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:1480", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1480.html" - }, - { - "name" : "RHSA-2016:1481", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1481.html" - }, - { - "name" : "SUSE-SU-2016:0296", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html" - }, - { - "name" : "openSUSE-SU-2016:0368", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html" - }, - { - "name" : "openSUSE-SU-2015:2244", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:2246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html" - }, - { - "name" : "USN-2781-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2781-1" - }, - { - "name" : "77153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77153" - }, - { - "name" : "1033894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2244", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html" + }, + { + "name": "RHSA-2016:1481", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1481.html" + }, + { + "name": "1033894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033894" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "RHSA-2016:0534", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0534.html" + }, + { + "name": "USN-2781-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2781-1" + }, + { + "name": "SUSE-SU-2016:0296", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html" + }, + { + "name": "77153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77153" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "RHSA-2016:1480", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1480.html" + }, + { + "name": "openSUSE-SU-2015:2246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html" + }, + { + "name": "DSA-3385", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3385" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "openSUSE-SU-2016:0368", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html" + }, + { + "name": "DSA-3377", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3377" + }, + { + "name": "RHSA-2016:0705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html" + }, + { + "name": "FEDORA-2016-e30164d0a2", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8273.json b/2015/8xxx/CVE-2015-8273.json index 250650001ba..aaee6f44843 100644 --- a/2015/8xxx/CVE-2015-8273.json +++ b/2015/8xxx/CVE-2015-8273.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8273", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8273", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8762.json b/2015/8xxx/CVE-2015-8762.json index d8e8c9a56e8..111a9912007 100644 --- a/2015/8xxx/CVE-2015-8762.json +++ b/2015/8xxx/CVE-2015-8762.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/08/7" - }, - { - "name" : "http://freeradius.org/security.html#eap-pwd-2015", - "refsource" : "CONFIRM", - "url" : "http://freeradius.org/security.html#eap-pwd-2015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://freeradius.org/security.html#eap-pwd-2015", + "refsource": "CONFIRM", + "url": "http://freeradius.org/security.html#eap-pwd-2015" + }, + { + "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8811.json b/2015/8xxx/CVE-2015-8811.json index 8f9a2e850e8..0a8b4f69a84 100644 --- a/2015/8xxx/CVE-2015-8811.json +++ b/2015/8xxx/CVE-2015-8811.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8811", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8811", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8972.json b/2015/8xxx/CVE-2015-8972.json index 0ea65a6a539..04fe9548c00 100644 --- a/2015/8xxx/CVE-2015-8972.json +++ b/2015/8xxx/CVE-2015-8972.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[bug-gnu-chess] 20151029 Buffer overflow issue in gnuchess", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html" - }, - { - "name" : "[oss-security] 20161113 CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/13/2" - }, - { - "name" : "[oss-security] 20161114 Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/14/12" - }, - { - "name" : "[oss-security] 20161114 Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/14/11" - }, - { - "name" : "http://svn.savannah.gnu.org/viewvc/chess?revision=134&view=revision", - "refsource" : "CONFIRM", - "url" : "http://svn.savannah.gnu.org/viewvc/chess?revision=134&view=revision" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161113 CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/13/2" + }, + { + "name": "[oss-security] 20161114 Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/14/12" + }, + { + "name": "[oss-security] 20161114 Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/14/11" + }, + { + "name": "http://svn.savannah.gnu.org/viewvc/chess?revision=134&view=revision", + "refsource": "CONFIRM", + "url": "http://svn.savannah.gnu.org/viewvc/chess?revision=134&view=revision" + }, + { + "name": "[bug-gnu-chess] 20151029 Buffer overflow issue in gnuchess", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9230.json b/2015/9xxx/CVE-2015-9230.json index 560df5109bf..61c3bf52dd1 100644 --- a/2015/9xxx/CVE-2015-9230.json +++ b/2015/9xxx/CVE-2015-9230.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2015/10/27/3", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/27/3" - }, - { - "name" : "https://cxsecurity.com/issue/WLB-2016010011", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2016010011" - }, - { - "name" : "https://forum.ait-pro.com/forums/topic/bps-changelog/", - "refsource" : "MISC", - "url" : "https://forum.ait-pro.com/forums/topic/bps-changelog/" - }, - { - "name" : "https://github.com/cybersecurityworks/Disclosed/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/cybersecurityworks/Disclosed/issues/3" - }, - { - "name" : "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8224", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.ait-pro.com/forums/topic/bps-changelog/", + "refsource": "MISC", + "url": "https://forum.ait-pro.com/forums/topic/bps-changelog/" + }, + { + "name": "https://github.com/cybersecurityworks/Disclosed/issues/3", + "refsource": "MISC", + "url": "https://github.com/cybersecurityworks/Disclosed/issues/3" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8224", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8224" + }, + { + "name": "https://cxsecurity.com/issue/WLB-2016010011", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2016010011" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2015/10/27/3", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2015/10/27/3" + }, + { + "name": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9234.json b/2015/9xxx/CVE-2015-9234.json index e3e67c7f22f..39d18627df0 100644 --- a/2015/9xxx/CVE-2015-9234.json +++ b/2015/9xxx/CVE-2015-9234.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2015/Jul/49", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/49" - }, - { - "name" : "http://seclists.org/oss-sec/2015/q3/88", - "refsource" : "MISC", - "url" : "http://seclists.org/oss-sec/2015/q3/88" - }, - { - "name" : "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/oss-sec/2015/q3/88", + "refsource": "MISC", + "url": "http://seclists.org/oss-sec/2015/q3/88" + }, + { + "name": "http://seclists.org/fulldisclosure/2015/Jul/49", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/49" + }, + { + "name": "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5713.json b/2016/5xxx/CVE-2016-5713.json index ef00c937e03..5ce350bb927 100644 --- a/2016/5xxx/CVE-2016-5713.json +++ b/2016/5xxx/CVE-2016-5713.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@puppet.com", - "DATE_PUBLIC" : "2016-08-11T00:00:00", - "ID" : "CVE-2016-5713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Puppet Agent", - "version" : { - "version_data" : [ - { - "version_value" : "Introduced in 1.3.0, fixed in 1.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Puppet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@puppet.com", + "DATE_PUBLIC": "2016-08-11T00:00:00", + "ID": "CVE-2016-5713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Puppet Agent", + "version": { + "version_data": [ + { + "version_value": "Introduced in 1.3.0, fixed in 1.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Puppet" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://puppet.com/security/cve/cve-2016-5713", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2016-5713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/cve-2016-5713", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2016-5713" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5771.json b/2016/5xxx/CVE-2016-5771.json index 2c6c73da630..8137288f81a 100644 --- a/2016/5xxx/CVE-2016-5771.json +++ b/2016/5xxx/CVE-2016-5771.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/23/4" - }, - { - "name" : "http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1", - "refsource" : "CONFIRM", - "url" : "http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=72433", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=72433" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" - }, - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "DSA-3618", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3618" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "openSUSE-SU-2016:1761", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:1922", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html" - }, - { - "name" : "91401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1", + "refsource": "CONFIRM", + "url": "http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "openSUSE-SU-2016:1761", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html" + }, + { + "name": "openSUSE-SU-2016:1922", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "https://bugs.php.net/bug.php?id=72433", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=72433" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/23/4" + }, + { + "name": "DSA-3618", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3618" + }, + { + "name": "91401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91401" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5795.json b/2016/5xxx/CVE-2016-5795.json index 0816caf51a3..7517922dc18 100644 --- a/2016/5xxx/CVE-2016-5795.json +++ b/2016/5xxx/CVE-2016-5795.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-5795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01" - }, - { - "name" : "100558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100558" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5935.json b/2016/5xxx/CVE-2016-5935.json index 99ca592c009..14483d421aa 100644 --- a/2016/5xxx/CVE-2016-5935.json +++ b/2016/5xxx/CVE-2016-5935.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-5935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tivoli Components", - "version" : { - "version_data" : [ - { - "version_value" : "1.1" - }, - { - "version_value" : "1.1.0.1" - }, - { - "version_value" : "1.1.0.2" - }, - { - "version_value" : "1.1.0.3" - }, - { - "version_value" : "2.1" - }, - { - "version_value" : "2.2" - }, - { - "version_value" : "1.1.1" - }, - { - "version_value" : "1.1.2" - }, - { - "version_value" : "1.1.2.1" - }, - { - "version_value" : "2.1.1.0" - }, - { - "version_value" : "2.1.1.2" - }, - { - "version_value" : "1.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-5935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tivoli Components", + "version": { + "version_data": [ + { + "version_value": "1.1" + }, + { + "version_value": "1.1.0.1" + }, + { + "version_value": "1.1.0.2" + }, + { + "version_value": "1.1.0.3" + }, + { + "version_value": "2.1" + }, + { + "version_value": "2.2" + }, + { + "version_value": "1.1.1" + }, + { + "version_value": "1.1.2" + }, + { + "version_value": "1.1.2.1" + }, + { + "version_value": "2.1.1.0" + }, + { + "version_value": "2.1.1.2" + }, + { + "version_value": "1.1.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21997711", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21997711" - }, - { - "name" : "96003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96003" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21997711", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21997711" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2129.json b/2018/2xxx/CVE-2018-2129.json index 902624c802c..e47034a2045 100644 --- a/2018/2xxx/CVE-2018-2129.json +++ b/2018/2xxx/CVE-2018-2129.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2129", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2129", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2176.json b/2018/2xxx/CVE-2018-2176.json index ceb51f03707..5f83688a582 100644 --- a/2018/2xxx/CVE-2018-2176.json +++ b/2018/2xxx/CVE-2018-2176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2176", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2176", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2284.json b/2018/2xxx/CVE-2018-2284.json index 91fc54858ac..7847715a6ac 100644 --- a/2018/2xxx/CVE-2018-2284.json +++ b/2018/2xxx/CVE-2018-2284.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2284", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2284", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2303.json b/2018/2xxx/CVE-2018-2303.json index 777f5dc81ab..de992c34cfe 100644 --- a/2018/2xxx/CVE-2018-2303.json +++ b/2018/2xxx/CVE-2018-2303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2303", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2303", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6032.json b/2018/6xxx/CVE-2018-6032.json index 38e3ab4a205..34d59c8da50 100644 --- a/2018/6xxx/CVE-2018-6032.json +++ b/2018/6xxx/CVE-2018-6032.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "64.0.3282.119" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "64.0.3282.119" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" - }, - { - "name" : "https://crbug.com/787103", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/787103" - }, - { - "name" : "DSA-4103", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4103" - }, - { - "name" : "RHSA-2018:0265", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0265" - }, - { - "name" : "102797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102797" - }, - { - "name" : "1040282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" + }, + { + "name": "DSA-4103", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4103" + }, + { + "name": "102797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102797" + }, + { + "name": "1040282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040282" + }, + { + "name": "RHSA-2018:0265", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0265" + }, + { + "name": "https://crbug.com/787103", + "refsource": "CONFIRM", + "url": "https://crbug.com/787103" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6114.json b/2018/6xxx/CVE-2018-6114.json index d7a8b9524e5..3638cc50438 100644 --- a/2018/6xxx/CVE-2018-6114.json +++ b/2018/6xxx/CVE-2018-6114.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/811691", - "refsource" : "MISC", - "url" : "https://crbug.com/811691" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "RHSA-2018:1195", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1195" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "https://crbug.com/811691", + "refsource": "MISC", + "url": "https://crbug.com/811691" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + }, + { + "name": "RHSA-2018:1195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1195" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6223.json b/2018/6xxx/CVE-2018-6223.json index b758ac08caf..ec083695381 100644 --- a/2018/6xxx/CVE-2018-6223.json +++ b/2018/6xxx/CVE-2018-6223.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-6223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Email Encryption Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "5.5" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "INCORRECT ACCESS CONTROL" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-6223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Email Encryption Gateway", + "version": { + "version_data": [ + { + "version_value": "5.5" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44166", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44166/" - }, - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1119349", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INCORRECT ACCESS CONTROL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44166", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44166/" + }, + { + "name": "https://success.trendmicro.com/solution/1119349", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119349" + }, + { + "name": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6396.json b/2018/6xxx/CVE-2018-6396.json index 55bcd1640d8..c0cbea8832a 100644 --- a/2018/6xxx/CVE-2018-6396.json +++ b/2018/6xxx/CVE-2018-6396.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44113", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/44113" - }, - { - "name" : "103094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44113", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/44113" + }, + { + "name": "103094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103094" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0085.json b/2019/0xxx/CVE-2019-0085.json index 47dbe97af70..0c907cdce46 100644 --- a/2019/0xxx/CVE-2019-0085.json +++ b/2019/0xxx/CVE-2019-0085.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0085", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0085", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0105.json b/2019/0xxx/CVE-2019-0105.json index 340f918e1ca..ac546e004ce 100644 --- a/2019/0xxx/CVE-2019-0105.json +++ b/2019/0xxx/CVE-2019-0105.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-02-12T00:00:00", - "ID" : "CVE-2019-0105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-02-12T00:00:00", + "ID": "CVE-2019-0105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html" - }, - { - "name" : "107069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107069" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01" + }, + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html" + }, + { + "name": "107069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107069" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1079.json b/2019/1xxx/CVE-2019-1079.json index 473ac52c9ec..50c6d0b0ac5 100644 --- a/2019/1xxx/CVE-2019-1079.json +++ b/2019/1xxx/CVE-2019-1079.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1079", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1079", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1095.json b/2019/1xxx/CVE-2019-1095.json index bef544d6268..b18ee60ae0d 100644 --- a/2019/1xxx/CVE-2019-1095.json +++ b/2019/1xxx/CVE-2019-1095.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1095", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1095", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1359.json b/2019/1xxx/CVE-2019-1359.json index c723faab46b..a268fe32042 100644 --- a/2019/1xxx/CVE-2019-1359.json +++ b/2019/1xxx/CVE-2019-1359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1359", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1359", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1486.json b/2019/1xxx/CVE-2019-1486.json index 25b5c0bb34a..3313e67c7c8 100644 --- a/2019/1xxx/CVE-2019-1486.json +++ b/2019/1xxx/CVE-2019-1486.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1486", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1486", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1674.json b/2019/1xxx/CVE-2019-1674.json index e0e5cdc915e..c5b5c4f027e 100644 --- a/2019/1xxx/CVE-2019-1674.json +++ b/2019/1xxx/CVE-2019-1674.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-02-27T16:00:00-0800", - "ID" : "CVE-2019-1674", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Webex Meetings Desktop App ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "33.6.6" - }, - { - "affected" : "<", - "version_value" : "33.9.1" - } - ] - } - }, - { - "product_name" : "Cisco Webex Productivity Tools", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "33.0.7" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. This vulnerability is fixed in Cisco Webex Meetings Desktop App Release 33.6.6 and 33.9.1 releases. This vulnerability is fixed in Cisco Webex Productivity Tools Release 33.0.7." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "7.8", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-78" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-02-27T16:00:00-0800", + "ID": "CVE-2019-1674", + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Webex Meetings Desktop App ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "33.6.6" + }, + { + "affected": "<", + "version_value": "33.9.1" + } + ] + } + }, + { + "product_name": "Cisco Webex Productivity Tools", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "33.0.7" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46479", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46479/" - }, - { - "name" : "20190227 Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-wmda-cmdinj" - }, - { - "name" : "107184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107184" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190227-wmda-cmdinj", - "defect" : [ - [ - "CSCvn55874" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. This vulnerability is fixed in Cisco Webex Meetings Desktop App Release 33.6.6 and 33.9.1 releases. This vulnerability is fixed in Cisco Webex Productivity Tools Release 33.0.7." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.8", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107184" + }, + { + "name": "20190227 Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-wmda-cmdinj" + }, + { + "name": "46479", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46479/" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190227-wmda-cmdinj", + "defect": [ + [ + "CSCvn55874" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5142.json b/2019/5xxx/CVE-2019-5142.json index 1b1acaf4f21..fbdfeb6df45 100644 --- a/2019/5xxx/CVE-2019-5142.json +++ b/2019/5xxx/CVE-2019-5142.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5142", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5142", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5204.json b/2019/5xxx/CVE-2019-5204.json index 2ff51ff96c8..6e080fbf0d4 100644 --- a/2019/5xxx/CVE-2019-5204.json +++ b/2019/5xxx/CVE-2019-5204.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5204", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5204", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5259.json b/2019/5xxx/CVE-2019-5259.json index 8e1d4eff4d7..aec684ee209 100644 --- a/2019/5xxx/CVE-2019-5259.json +++ b/2019/5xxx/CVE-2019-5259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5426.json b/2019/5xxx/CVE-2019-5426.json index 2ae167b024f..15a90da902c 100644 --- a/2019/5xxx/CVE-2019-5426.json +++ b/2019/5xxx/CVE-2019-5426.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5426", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5426", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file