From 4dcd44ef6fd04cb48b97ef17cf54ff1067f3cf63 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:06:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0693.json | 150 +++++++++--------- 1999/0xxx/CVE-1999-0926.json | 120 +++++++------- 1999/1xxx/CVE-1999-1023.json | 130 +++++++-------- 1999/1xxx/CVE-1999-1286.json | 160 +++++++++---------- 1999/1xxx/CVE-1999-1342.json | 120 +++++++------- 2000/0xxx/CVE-2000-0001.json | 120 +++++++------- 2000/0xxx/CVE-2000-0061.json | 120 +++++++------- 2000/0xxx/CVE-2000-0204.json | 150 +++++++++--------- 2000/0xxx/CVE-2000-0436.json | 140 ++++++++-------- 2000/0xxx/CVE-2000-0439.json | 170 ++++++++++---------- 2000/0xxx/CVE-2000-0452.json | 140 ++++++++-------- 2000/0xxx/CVE-2000-0648.json | 130 +++++++-------- 2000/0xxx/CVE-2000-0753.json | 150 +++++++++--------- 2000/1xxx/CVE-2000-1021.json | 140 ++++++++-------- 2005/2xxx/CVE-2005-2139.json | 150 +++++++++--------- 2005/2xxx/CVE-2005-2577.json | 150 +++++++++--------- 2005/2xxx/CVE-2005-2723.json | 160 +++++++++---------- 2005/3xxx/CVE-2005-3545.json | 190 +++++++++++----------- 2007/5xxx/CVE-2007-5071.json | 190 +++++++++++----------- 2007/5xxx/CVE-2007-5111.json | 160 +++++++++---------- 2007/5xxx/CVE-2007-5361.json | 210 ++++++++++++------------ 2007/5xxx/CVE-2007-5481.json | 150 +++++++++--------- 2007/5xxx/CVE-2007-5723.json | 160 +++++++++---------- 2009/2xxx/CVE-2009-2448.json | 120 +++++++------- 2009/2xxx/CVE-2009-2456.json | 170 ++++++++++---------- 2009/2xxx/CVE-2009-2623.json | 34 ++-- 2009/2xxx/CVE-2009-2689.json | 300 +++++++++++++++++------------------ 2009/3xxx/CVE-2009-3324.json | 120 +++++++------- 2009/3xxx/CVE-2009-3714.json | 160 +++++++++---------- 2015/0xxx/CVE-2015-0575.json | 132 +++++++-------- 2015/0xxx/CVE-2015-0588.json | 160 +++++++++---------- 2015/0xxx/CVE-2015-0942.json | 34 ++-- 2015/0xxx/CVE-2015-0982.json | 130 +++++++-------- 2015/3xxx/CVE-2015-3968.json | 120 +++++++------- 2015/4xxx/CVE-2015-4408.json | 120 +++++++------- 2015/4xxx/CVE-2015-4499.json | 200 +++++++++++------------ 2015/4xxx/CVE-2015-4738.json | 130 +++++++-------- 2015/4xxx/CVE-2015-4834.json | 130 +++++++-------- 2015/4xxx/CVE-2015-4918.json | 34 ++-- 2015/8xxx/CVE-2015-8342.json | 34 ++-- 2015/8xxx/CVE-2015-8465.json | 34 ++-- 2015/8xxx/CVE-2015-8612.json | 210 ++++++++++++------------ 2015/8xxx/CVE-2015-8792.json | 160 +++++++++---------- 2015/9xxx/CVE-2015-9266.json | 232 +++++++++++++-------------- 2016/5xxx/CVE-2016-5176.json | 150 +++++++++--------- 2016/5xxx/CVE-2016-5426.json | 170 ++++++++++---------- 2016/5xxx/CVE-2016-5876.json | 130 +++++++-------- 2018/2xxx/CVE-2018-2383.json | 164 +++++++++---------- 2018/2xxx/CVE-2018-2489.json | 138 ++++++++-------- 2018/2xxx/CVE-2018-2793.json | 158 +++++++++--------- 2018/2xxx/CVE-2018-2813.json | 278 ++++++++++++++++---------------- 2018/6xxx/CVE-2018-6026.json | 34 ++-- 2018/6xxx/CVE-2018-6200.json | 120 +++++++------- 2018/6xxx/CVE-2018-6576.json | 120 +++++++------- 2018/7xxx/CVE-2018-7451.json | 34 ++-- 2018/7xxx/CVE-2018-7626.json | 34 ++-- 2019/0xxx/CVE-2019-0172.json | 34 ++-- 2019/1xxx/CVE-2019-1057.json | 34 ++-- 2019/1xxx/CVE-2019-1088.json | 34 ++-- 2019/1xxx/CVE-2019-1797.json | 34 ++-- 2019/1xxx/CVE-2019-1844.json | 34 ++-- 2019/5xxx/CVE-2019-5081.json | 34 ++-- 2019/5xxx/CVE-2019-5119.json | 34 ++-- 2019/5xxx/CVE-2019-5168.json | 34 ++-- 2019/5xxx/CVE-2019-5967.json | 34 ++-- 65 files changed, 4030 insertions(+), 4030 deletions(-) diff --git a/1999/0xxx/CVE-1999-0693.json b/1999/0xxx/CVE-1999-0693.json index 5a7047e1165..07809392d8b 100644 --- a/1999/0xxx/CVE-1999-0693.json +++ b/1999/0xxx/CVE-1999-0693.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00192", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192" - }, - { - "name" : "HPSBUX9909-103", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103" - }, - { - "name" : "641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/641" - }, - { - "name" : "oval:org.mitre.oval:def:4374", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/641" + }, + { + "name": "HPSBUX9909-103", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103" + }, + { + "name": "00192", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192" + }, + { + "name": "oval:org.mitre.oval:def:4374", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4374" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0926.json b/1999/0xxx/CVE-1999-0926.json index 68e032f4916..5e360f06165 100644 --- a/1999/0xxx/CVE-1999-0926.json +++ b/1999/0xxx/CVE-1999-0926.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache allows remote attackers to conduct a denial of service via a large number of MIME headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990903 Web servers / possible DOS Attack / mime header flooding", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/1998_3/0742.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache allows remote attackers to conduct a denial of service via a large number of MIME headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990903 Web servers / possible DOS Attack / mime header flooding", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/1998_3/0742.html" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1023.json b/1999/1xxx/CVE-1999-1023.json index dbf82aa5087..a8ebe198838 100644 --- a/1999/1xxx/CVE-1999-1023.json +++ b/1999/1xxx/CVE-1999-1023.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the \"-e\" (expiration date) argument, which could allow users to login after their accounts have expired." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990610 Sun Useradd program expiration date bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=92904175406756&w=2" - }, - { - "name" : "426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the \"-e\" (expiration date) argument, which could allow users to login after their accounts have expired." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/426" + }, + { + "name": "19990610 Sun Useradd program expiration date bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=92904175406756&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1286.json b/1999/1xxx/CVE-1999-1286.json index c375ff5965f..e67900ab420 100644 --- a/1999/1xxx/CVE-1999-1286.json +++ b/1999/1xxx/CVE-1999-1286.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19970509 Re: Irix: misc", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87602167420927&w=2" - }, - { - "name" : "ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX", - "refsource" : "MISC", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX" - }, - { - "name" : "330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/330" - }, - { - "name" : "8560", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8560" - }, - { - "name" : "irix-addnetpr(1433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "irix-addnetpr(1433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1433" + }, + { + "name": "8560", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8560" + }, + { + "name": "ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX", + "refsource": "MISC", + "url": "ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX" + }, + { + "name": "19970509 Re: Irix: misc", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87602167420927&w=2" + }, + { + "name": "330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/330" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1342.json b/1999/1xxx/CVE-1999-1342.json index 90420062bb1..f43b58a9749 100644 --- a/1999/1xxx/CVE-1999-1342.json +++ b/1999/1xxx/CVE-1999-1342.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991017 ICQ ActiveList Server Exploit...", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=94042342010662&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991017 ICQ ActiveList Server Exploit...", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=94042342010662&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0001.json b/2000/0xxx/CVE-2000-0001.json index 4c117c8bd6c..242158fde29 100644 --- a/2000/0xxx/CVE-2000-0001.json +++ b/2000/0xxx/CVE-2000-0001.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealMedia server allows remote attackers to cause a denial of service via a long ramgen request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealMedia server allows remote attackers to cause a denial of service via a long ramgen request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/888" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0061.json b/2000/0xxx/CVE-2000-0061.json index f9b080c7cb3..db005e6d110 100644 --- a/2000/0xxx/CVE-2000-0061.json +++ b/2000/0xxx/CVE-2000-0061.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/923" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0204.json b/2000/0xxx/CVE-2000-0204.json index a7713334945..448d5014de8 100644 --- a/2000/0xxx/CVE-2000-0204.json +++ b/2000/0xxx/CVE-2000-0204.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000226 DOS in Trendmicro OfficeScan", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html" - }, - { - "name" : "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com" - }, - { - "name" : "http://www.antivirus.com/download/ofce_patch_35.htm", - "refsource" : "MISC", - "url" : "http://www.antivirus.com/download/ofce_patch_35.htm" - }, - { - "name" : "1013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000226 DOS in Trendmicro OfficeScan", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html" + }, + { + "name": "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com" + }, + { + "name": "http://www.antivirus.com/download/ofce_patch_35.htm", + "refsource": "MISC", + "url": "http://www.antivirus.com/download/ofce_patch_35.htm" + }, + { + "name": "1013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1013" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0436.json b/2000/0xxx/CVE-2000-0436.json index 02e867e0025..ec5b8188552 100644 --- a/2000/0xxx/CVE-2000-0436.json +++ b/2000/0xxx/CVE-2000-0436.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html" - }, - { - "name" : "http://www.metaproducts.com/mpOE-HY.html", - "refsource" : "CONFIRM", - "url" : "http://www.metaproducts.com/mpOE-HY.html" - }, - { - "name" : "1231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1231" + }, + { + "name": "http://www.metaproducts.com/mpOE-HY.html", + "refsource": "CONFIRM", + "url": "http://www.metaproducts.com/mpOE-HY.html" + }, + { + "name": "20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0439.json b/2000/0xxx/CVE-2000-0439.json index 9f7c8612bbb..4189e4d6ca7 100644 --- a/2000/0xxx/CVE-2000-0439.json +++ b/2000/0xxx/CVE-2000-0439.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the \"Unauthorized Cookie Access\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000510 IE Domain Confusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com" - }, - { - "name" : "20000511 IE Domain Confusion Vulnerability is an Email problem also", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net" - }, - { - "name" : "MS00-033", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-033" - }, - { - "name" : "1194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1194" - }, - { - "name" : "1326", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1326" - }, - { - "name" : "ie-cookie-disclosure(4447)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the \"Unauthorized Cookie Access\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1194" + }, + { + "name": "20000511 IE Domain Confusion Vulnerability is an Email problem also", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net" + }, + { + "name": "MS00-033", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-033" + }, + { + "name": "ie-cookie-disclosure(4447)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4447" + }, + { + "name": "20000510 IE Domain Confusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com" + }, + { + "name": "1326", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1326" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0452.json b/2000/0xxx/CVE-2000-0452.json index 9d9e64ddfb8..b3943a7147c 100644 --- a/2000/0xxx/CVE-2000-0452.json +++ b/2000/0xxx/CVE-2000-0452.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html" - }, - { - "name" : "1229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1229" - }, - { - "name" : "321", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html" + }, + { + "name": "321", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/321" + }, + { + "name": "1229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1229" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0648.json b/2000/0xxx/CVE-2000-0648.json index f05465ebc06..e39721c41e0 100644 --- a/2000/0xxx/CVE-2000-0648.json +++ b/2000/0xxx/CVE-2000-0648.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000711 WFTPD/WFTPD Pro 2.41 RC10 denial-of-service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=E13BvU6-0007d8-00@dwarf.box.sk" - }, - { - "name" : "1456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000711 WFTPD/WFTPD Pro 2.41 RC10 denial-of-service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=E13BvU6-0007d8-00@dwarf.box.sk" + }, + { + "name": "1456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1456" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0753.json b/2000/0xxx/CVE-2000-0753.json index cd0012f2cfb..339da41629d 100644 --- a/2000/0xxx/CVE-2000-0753.json +++ b/2000/0xxx/CVE-2000-0753.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000824 Outlook winmail.dat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/78240" - }, - { - "name" : "20010802 Outlook 2000 Rich Text information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/201422" - }, - { - "name" : "1631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1631" - }, - { - "name" : "outlook-reveal-path(5508)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1631" + }, + { + "name": "20010802 Outlook 2000 Rich Text information disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/201422" + }, + { + "name": "outlook-reveal-path(5508)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5508" + }, + { + "name": "20000824 Outlook winmail.dat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/78240" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1021.json b/2000/1xxx/CVE-2000-1021.json index 396881b063f..05e0457e01f 100644 --- a/2000/1xxx/CVE-2000-1021.json +++ b/2000/1xxx/CVE-2000-1021.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000917 VIGILANTE-2000012: Mdaemon Web Services Heap Overflow DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=96925269716274&w=2" - }, - { - "name" : "1689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1689" - }, - { - "name" : "mdaemon-url-dos(5250)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1689" + }, + { + "name": "mdaemon-url-dos(5250)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5250" + }, + { + "name": "20000917 VIGILANTE-2000012: Mdaemon Web Services Heap Overflow DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=96925269716274&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2139.json b/2005/2xxx/CVE-2005-2139.json index 80cf4501620..98a388cf3ec 100644 --- a/2005/2xxx/CVE-2005-2139.json +++ b/2005/2xxx/CVE-2005-2139.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2005-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0930" - }, - { - "name" : "17631", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17631" - }, - { - "name" : "1014321", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014321" - }, - { - "name" : "15873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014321", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014321" + }, + { + "name": "17631", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17631" + }, + { + "name": "15873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15873" + }, + { + "name": "ADV-2005-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0930" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2577.json b/2005/2xxx/CVE-2005-2577.json index a5e49cd44aa..e37abba5c92 100644 --- a/2005/2xxx/CVE-2005-2577.json +++ b/2005/2xxx/CVE-2005-2577.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050810 remote DOS on Wyse thin client 1125SE", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112379283900586&w=2" - }, - { - "name" : "14536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14536" - }, - { - "name" : "1014659", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014659" - }, - { - "name" : "16409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050810 remote DOS on Wyse thin client 1125SE", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112379283900586&w=2" + }, + { + "name": "16409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16409" + }, + { + "name": "14536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14536" + }, + { + "name": "1014659", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014659" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2723.json b/2005/2xxx/CVE-2005-2723.json index dcc1f004526..75b93231f1b 100644 --- a/2005/2xxx/CVE-2005-2723.json +++ b/2005/2xxx/CVE-2005-2723.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmethod is set to cookies, allows remote attackers to execute arbitrary SQL commands via the username value in the pafiledbcookie cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050824 PaFileDB 3.1 - SQL-Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112490781927680&w=2" - }, - { - "name" : "http://www.security-project.org/projects/board/showthread.php?t=947", - "refsource" : "MISC", - "url" : "http://www.security-project.org/projects/board/showthread.php?t=947" - }, - { - "name" : "14654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14654" - }, - { - "name" : "16566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16566/" - }, - { - "name" : "pafiledb-auth-sql-injection(21988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmethod is set to cookies, allows remote attackers to execute arbitrary SQL commands via the username value in the pafiledbcookie cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14654" + }, + { + "name": "pafiledb-auth-sql-injection(21988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21988" + }, + { + "name": "16566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16566/" + }, + { + "name": "http://www.security-project.org/projects/board/showthread.php?t=947", + "refsource": "MISC", + "url": "http://www.security-project.org/projects/board/showthread.php?t=947" + }, + { + "name": "20050824 PaFileDB 3.1 - SQL-Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112490781927680&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3545.json b/2005/3xxx/CVE-2005-3545.json index 6738c6975c5..695a895b88e 100644 --- a/2005/3xxx/CVE-2005-3545.json +++ b/2005/3xxx/CVE-2005-3545.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051105 Sql injection in ibProArcade", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415793" - }, - { - "name" : "http://www.ibproarcade.com/index.php?showtopic=7575&pid=47370&st=0&#entry47370", - "refsource" : "CONFIRM", - "url" : "http://www.ibproarcade.com/index.php?showtopic=7575&pid=47370&st=0&#entry47370" - }, - { - "name" : "http://www.ibproarcade.com/index.php?showtopic=7576&pid=47373&st=0&#entry47373", - "refsource" : "CONFIRM", - "url" : "http://www.ibproarcade.com/index.php?showtopic=7576&pid=47373&st=0&#entry47373" - }, - { - "name" : "15333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15333" - }, - { - "name" : "ADV-2005-2334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2334" - }, - { - "name" : "20514", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/20514" - }, - { - "name" : "17457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17457" - }, - { - "name" : "151", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibproarcade.com/index.php?showtopic=7576&pid=47373&st=0&#entry47373", + "refsource": "CONFIRM", + "url": "http://www.ibproarcade.com/index.php?showtopic=7576&pid=47373&st=0&#entry47373" + }, + { + "name": "http://www.ibproarcade.com/index.php?showtopic=7575&pid=47370&st=0&#entry47370", + "refsource": "CONFIRM", + "url": "http://www.ibproarcade.com/index.php?showtopic=7575&pid=47370&st=0&#entry47370" + }, + { + "name": "17457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17457" + }, + { + "name": "151", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/151" + }, + { + "name": "ADV-2005-2334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2334" + }, + { + "name": "20051105 Sql injection in ibProArcade", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415793" + }, + { + "name": "20514", + "refsource": "OSVDB", + "url": "http://osvdb.org/20514" + }, + { + "name": "15333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15333" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5071.json b/2007/5xxx/CVE-2007-5071.json index 8b50a3af6fb..db3ab6b59a8 100644 --- a/2007/5xxx/CVE-2007-5071.json +++ b/2007/5xxx/CVE-2007-5071.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070920 SimplePHPBlog Hacking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/480092/100/0/threaded" - }, - { - "name" : "20070925 Simple PHP Blog Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/480569/100/0/threaded" - }, - { - "name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2007-03.txt", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2007-03.txt" - }, - { - "name" : "http://www.simplephpblog.com/comments.php?y=07&m=09&entry=entry070923-004446", - "refsource" : "CONFIRM", - "url" : "http://www.simplephpblog.com/comments.php?y=07&m=09&entry=entry070923-004446" - }, - { - "name" : "http://www.simplephpblog.com/index.php?m=09&y=07", - "refsource" : "CONFIRM", - "url" : "http://www.simplephpblog.com/index.php?m=09&y=07" - }, - { - "name" : "25747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25747" - }, - { - "name" : "26968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26968" - }, - { - "name" : "simplephpblog-uploadimgcgi-file-upload(36785)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26968" + }, + { + "name": "25747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25747" + }, + { + "name": "simplephpblog-uploadimgcgi-file-upload(36785)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36785" + }, + { + "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2007-03.txt", + "refsource": "MISC", + "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2007-03.txt" + }, + { + "name": "http://www.simplephpblog.com/comments.php?y=07&m=09&entry=entry070923-004446", + "refsource": "CONFIRM", + "url": "http://www.simplephpblog.com/comments.php?y=07&m=09&entry=entry070923-004446" + }, + { + "name": "http://www.simplephpblog.com/index.php?m=09&y=07", + "refsource": "CONFIRM", + "url": "http://www.simplephpblog.com/index.php?m=09&y=07" + }, + { + "name": "20070925 Simple PHP Blog Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/480569/100/0/threaded" + }, + { + "name": "20070920 SimplePHPBlog Hacking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/480092/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5111.json b/2007/5xxx/CVE-2007-5111.json index e27bf2301db..d14b7cf4716 100644 --- a/2007/5xxx/CVE-2007-5111.json +++ b/2007/5xxx/CVE-2007-5111.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allows remote attackers to cause a denial of service (crash) via a string argument to the AddString method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4453", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4453" - }, - { - "name" : "http://shinnai.altervista.org/exploits/txt/TXT_ZzLXiITIfSuVuh1kPHDP.html", - "refsource" : "MISC", - "url" : "http://shinnai.altervista.org/exploits/txt/TXT_ZzLXiITIfSuVuh1kPHDP.html" - }, - { - "name" : "25789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25789" - }, - { - "name" : "38726", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38726" - }, - { - "name" : "ebcrypt-ebcprngenerator-dos(36770)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allows remote attackers to cause a denial of service (crash) via a string argument to the AddString method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ebcrypt-ebcprngenerator-dos(36770)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36770" + }, + { + "name": "http://shinnai.altervista.org/exploits/txt/TXT_ZzLXiITIfSuVuh1kPHDP.html", + "refsource": "MISC", + "url": "http://shinnai.altervista.org/exploits/txt/TXT_ZzLXiITIfSuVuh1kPHDP.html" + }, + { + "name": "4453", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4453" + }, + { + "name": "38726", + "refsource": "OSVDB", + "url": "http://osvdb.org/38726" + }, + { + "name": "25789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25789" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5361.json b/2007/5xxx/CVE-2007-5361.json index 47c0164fd2b..924027e9d73 100644 --- a/2007/5xxx/CVE-2007-5361.json +++ b/2007/5xxx/CVE-2007-5361.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071119 Alcatel OmniPCX Enterprise VoIP Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483925/100/0/threaded" - }, - { - "name" : "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt", - "refsource" : "MISC", - "url" : "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt" - }, - { - "name" : "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf", - "refsource" : "CONFIRM", - "url" : "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf" - }, - { - "name" : "26494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26494" - }, - { - "name" : "ADV-2007-3919", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3919" - }, - { - "name" : "40522", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40522" - }, - { - "name" : "1018983", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018983" - }, - { - "name" : "27710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27710" - }, - { - "name" : "3387", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3387" - }, - { - "name" : "omnipcx-tftp-dos(38560)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3387", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3387" + }, + { + "name": "27710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27710" + }, + { + "name": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt", + "refsource": "MISC", + "url": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt" + }, + { + "name": "26494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26494" + }, + { + "name": "omnipcx-tftp-dos(38560)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560" + }, + { + "name": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf", + "refsource": "CONFIRM", + "url": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf" + }, + { + "name": "20071119 Alcatel OmniPCX Enterprise VoIP Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483925/100/0/threaded" + }, + { + "name": "ADV-2007-3919", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3919" + }, + { + "name": "40522", + "refsource": "OSVDB", + "url": "http://osvdb.org/40522" + }, + { + "name": "1018983", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018983" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5481.json b/2007/5xxx/CVE-2007-5481.json index 56fb78e5e06..222bf066d6f 100644 --- a/2007/5xxx/CVE-2007-5481.json +++ b/2007/5xxx/CVE-2007-5481.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a \"SOCKS flood.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rhyolite.com/anti-spam/dcc/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://www.rhyolite.com/anti-spam/dcc/CHANGES" - }, - { - "name" : "26088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26088" - }, - { - "name" : "27262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27262" - }, - { - "name" : "dcc-socks-streams-dos(37224)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a \"SOCKS flood.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26088" + }, + { + "name": "27262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27262" + }, + { + "name": "dcc-socks-streams-dos(37224)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37224" + }, + { + "name": "http://www.rhyolite.com/anti-spam/dcc/CHANGES", + "refsource": "CONFIRM", + "url": "http://www.rhyolite.com/anti-spam/dcc/CHANGES" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5723.json b/2007/5xxx/CVE-2007-5723.json index 2eeb0b68792..7058f9a2daf 100644 --- a/2007/5xxx/CVE-2007-5723.json +++ b/2007/5xxx/CVE-2007-5723.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the samp_send function in nuauth/sasl.c in NuFW before 2.2.7 allows remote attackers to cause a denial of service via unspecified input on which base64 encoding is performed. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nufw.org/+NuFW-2-2-7,207+.html", - "refsource" : "CONFIRM", - "url" : "http://www.nufw.org/+NuFW-2-2-7,207+.html" - }, - { - "name" : "26251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26251" - }, - { - "name" : "39724", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39724" - }, - { - "name" : "27442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27442" - }, - { - "name" : "nufw-sampsend-dos(38153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the samp_send function in nuauth/sasl.c in NuFW before 2.2.7 allows remote attackers to cause a denial of service via unspecified input on which base64 encoding is performed. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27442" + }, + { + "name": "26251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26251" + }, + { + "name": "http://www.nufw.org/+NuFW-2-2-7,207+.html", + "refsource": "CONFIRM", + "url": "http://www.nufw.org/+NuFW-2-2-7,207+.html" + }, + { + "name": "39724", + "refsource": "OSVDB", + "url": "http://osvdb.org/39724" + }, + { + "name": "nufw-sampsend-dos(38153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38153" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2448.json b/2009/2xxx/CVE-2009-2448.json index 444cd6d1cfc..2bdf250201c 100644 --- a/2009/2xxx/CVE-2009-2448.json +++ b/2009/2xxx/CVE-2009-2448.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the search_choice parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the search_choice parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35762" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2456.json b/2009/2xxx/CVE-2009-2456.json index d1e5bde7182..a97a6318172 100644 --- a/2009/2xxx/CVE-2009-2456.json +++ b/2009/2xxx/CVE-2009-2456.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DS\\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3426981", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3426981" - }, - { - "name" : "35666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35666" - }, - { - "name" : "55848", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55848" - }, - { - "name" : "34160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34160" - }, - { - "name" : "ADV-2009-1883", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1883" - }, - { - "name" : "edirectory-rdns-dos(51705)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DS\\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34160" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3426981", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3426981" + }, + { + "name": "55848", + "refsource": "OSVDB", + "url": "http://osvdb.org/55848" + }, + { + "name": "edirectory-rdns-dos(51705)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51705" + }, + { + "name": "35666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35666" + }, + { + "name": "ADV-2009-1883", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1883" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2623.json b/2009/2xxx/CVE-2009-2623.json index 32f556c138a..f09233af65b 100644 --- a/2009/2xxx/CVE-2009-2623.json +++ b/2009/2xxx/CVE-2009-2623.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2623", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2623", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2689.json b/2009/2xxx/CVE-2009-2689.json index 4ba552c3eaf..0f3f56ad63e 100644 --- a/2009/2xxx/CVE-2009-2689.json +++ b/2009/2xxx/CVE-2009-2689.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" - }, - { - "name" : "http://java.sun.com/javase/6/webnotes/6u15.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u15.html" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=513222", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=513222" - }, - { - "name" : "APPLE-SA-2009-09-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" - }, - { - "name" : "FEDORA-2009-8329", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" - }, - { - "name" : "FEDORA-2009-8337", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "MDVSA-2009:209", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" - }, - { - "name" : "RHSA-2009:1199", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1199.html" - }, - { - "name" : "RHSA-2009:1201", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1201.html" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "oval:org.mitre.oval:def:9603", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9603" - }, - { - "name" : "36162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36162" - }, - { - "name" : "36180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36180" - }, - { - "name" : "36199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36199" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "ADV-2009-2543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2009:1199", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html" + }, + { + "name": "36162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36162" + }, + { + "name": "ADV-2009-2543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2543" + }, + { + "name": "oval:org.mitre.oval:def:9603", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9603" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "36199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36199" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1" + }, + { + "name": "MDVSA-2009:209", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" + }, + { + "name": "FEDORA-2009-8329", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u15.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u15.html" + }, + { + "name": "36180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36180" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1" + }, + { + "name": "FEDORA-2009-8337", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=513222", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513222" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" + }, + { + "name": "APPLE-SA-2009-09-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" + }, + { + "name": "RHSA-2009:1201", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3324.json b/2009/3xxx/CVE-2009-3324.json index ed165427c72..255a8a66137 100644 --- a/2009/3xxx/CVE-2009-3324.json +++ b/2009/3xxx/CVE-2009-3324.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9728", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9728", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9728" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3714.json b/2009/3xxx/CVE-2009-3714.json index 73d5ddde93b..eb07e38fb62 100644 --- a/2009/3xxx/CVE-2009-3714.json +++ b/2009/3xxx/CVE-2009-3714.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9205", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9205" - }, - { - "name" : "56062", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56062" - }, - { - "name" : "35885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35885" - }, - { - "name" : "ADV-2009-1961", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1961" - }, - { - "name" : "mcshoutbox-adminlogin-xss(51862)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mcshoutbox-adminlogin-xss(51862)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51862" + }, + { + "name": "9205", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9205" + }, + { + "name": "56062", + "refsource": "OSVDB", + "url": "http://osvdb.org/56062" + }, + { + "name": "35885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35885" + }, + { + "name": "ADV-2009-1961", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1961" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0575.json b/2015/0xxx/CVE-2015-0575.json index 8bd22aea128..b27e6ca6eb8 100644 --- a/2015/0xxx/CVE-2015-0575.json +++ b/2015/0xxx/CVE-2015-0575.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2015-0575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Configuration Vulnerability in SSL" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2015-0575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration Vulnerability in SSL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99467" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0588.json b/2015/0xxx/CVE-2015-0588.json index 1d70ce10ade..11835cf79cc 100644 --- a/2015/0xxx/CVE-2015-0588.json +++ b/2015/0xxx/CVE-2015-0588.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150115 Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0588" - }, - { - "name" : "72082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72082" - }, - { - "name" : "1031559", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031559" - }, - { - "name" : "62352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62352" - }, - { - "name" : "cisco-ucdm-cve20150588-csrf(100657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031559", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031559" + }, + { + "name": "20150115 Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0588" + }, + { + "name": "62352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62352" + }, + { + "name": "cisco-ucdm-cve20150588-csrf(100657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100657" + }, + { + "name": "72082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72082" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0942.json b/2015/0xxx/CVE-2015-0942.json index e4d9147cb9d..0350ce04dcb 100644 --- a/2015/0xxx/CVE-2015-0942.json +++ b/2015/0xxx/CVE-2015-0942.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0942", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, CVE-2015-6747. Reason: This candidate originally combined multiple issues that have different vulnerability types and other complex abstraction issues. Notes: All CVE users should reference CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, and CVE-2015-6747 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-0942", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, CVE-2015-6747. Reason: This candidate originally combined multiple issues that have different vulnerability types and other complex abstraction issues. Notes: All CVE users should reference CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, and CVE-2015-6747 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0982.json b/2015/0xxx/CVE-2015-0982.json index 9667f1e3fa4..b132bc681a5 100644 --- a/2015/0xxx/CVE-2015-0982.json +++ b/2015/0xxx/CVE-2015-0982.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-0982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-071-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-071-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_File_Id=755516404&p_File_Name=SEVD-2015-065-01+Pelco+DS-NVs+Video+Mgmt+SW.pdf", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_File_Id=755516404&p_File_Name=SEVD-2015-065-01+Pelco+DS-NVs+Video+Mgmt+SW.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.schneider-electric.com/files?p_File_Id=755516404&p_File_Name=SEVD-2015-065-01+Pelco+DS-NVs+Video+Mgmt+SW.pdf", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_File_Id=755516404&p_File_Name=SEVD-2015-065-01+Pelco+DS-NVs+Video+Mgmt+SW.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-071-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-071-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3968.json b/2015/3xxx/CVE-2015-3968.json index 6da2ed1ee3d..cf03da20d5f 100644 --- a/2015/3xxx/CVE-2015-3968.json +++ b/2015/3xxx/CVE-2015-3968.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-3968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4408.json b/2015/4xxx/CVE-2015-4408.json index cc5027fc6ff..12bbf269993 100644 --- a/2015/4xxx/CVE-2015-4408.json +++ b/2015/4xxx/CVE-2015-4408.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hikvision.com/En/Press-Release-details_435_i1023.html", - "refsource" : "CONFIRM", - "url" : "http://www.hikvision.com/En/Press-Release-details_435_i1023.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hikvision.com/En/Press-Release-details_435_i1023.html", + "refsource": "CONFIRM", + "url": "http://www.hikvision.com/En/Press-Release-details_435_i1023.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4499.json b/2015/4xxx/CVE-2015-4499.json index 63805275da5..4eee5eed256 100644 --- a/2015/4xxx/CVE-2015-4499.json +++ b/2015/4xxx/CVE-2015-4499.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150910 Security Advisory for Bugzilla 5.0, 4.4.9, and 4.2.14", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Sep/48" - }, - { - "name" : "20150910 Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Sep/49" - }, - { - "name" : "http://packetstormsecurity.com/files/133578/Bugzilla-Unauthorized-Account-Creation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133578/Bugzilla-Unauthorized-Account-Creation.html" - }, - { - "name" : "https://bug1202447.bmoattachments.org/attachment.cgi?id=8657861", - "refsource" : "MISC", - "url" : "https://bug1202447.bmoattachments.org/attachment.cgi?id=8657861" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1202447", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1202447" - }, - { - "name" : "FEDORA-2015-15767", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169983.html" - }, - { - "name" : "FEDORA-2015-15768", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169946.html" - }, - { - "name" : "FEDORA-2015-15769", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168725.html" - }, - { - "name" : "1033542", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-15768", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169946.html" + }, + { + "name": "1033542", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033542" + }, + { + "name": "20150910 Security Advisory for Bugzilla 5.0, 4.4.9, and 4.2.14", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Sep/48" + }, + { + "name": "https://bug1202447.bmoattachments.org/attachment.cgi?id=8657861", + "refsource": "MISC", + "url": "https://bug1202447.bmoattachments.org/attachment.cgi?id=8657861" + }, + { + "name": "20150910 Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Sep/49" + }, + { + "name": "http://packetstormsecurity.com/files/133578/Bugzilla-Unauthorized-Account-Creation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133578/Bugzilla-Unauthorized-Account-Creation.html" + }, + { + "name": "FEDORA-2015-15769", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168725.html" + }, + { + "name": "FEDORA-2015-15767", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169983.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202447", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202447" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4738.json b/2015/4xxx/CVE-2015-4738.json index c9c55e9e362..8a72ff52395 100644 --- a/2015/4xxx/CVE-2015-4738.json +++ b/2015/4xxx/CVE-2015-4738.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032917", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032917", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032917" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4834.json b/2015/4xxx/CVE-2015-4834.json index aada6093444..d8a6e5f7ac7 100644 --- a/2015/4xxx/CVE-2015-4834.json +++ b/2015/4xxx/CVE-2015-4834.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033881", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1033881", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033881" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4918.json b/2015/4xxx/CVE-2015-4918.json index 693644ee54d..98a1f79f223 100644 --- a/2015/4xxx/CVE-2015-4918.json +++ b/2015/4xxx/CVE-2015-4918.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4918", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4918", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8342.json b/2015/8xxx/CVE-2015-8342.json index fc6fc64acb5..d21fafdf9f4 100644 --- a/2015/8xxx/CVE-2015-8342.json +++ b/2015/8xxx/CVE-2015-8342.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8342", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8342", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8465.json b/2015/8xxx/CVE-2015-8465.json index 82b4022a594..5a53c53188e 100644 --- a/2015/8xxx/CVE-2015-8465.json +++ b/2015/8xxx/CVE-2015-8465.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8465", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8465", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8612.json b/2015/8xxx/CVE-2015-8612.json index 98367227a81..6c123feb702 100644 --- a/2015/8xxx/CVE-2015-8612.json +++ b/2015/8xxx/CVE-2015-8612.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-8612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46186", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46186/" - }, - { - "name" : "[oss-security] 20151218 CVE request: Blueman: Privilege escalation in blueman dbus API", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/18/6" - }, - { - "name" : "[oss-security] 20151218 Re: CVE request: Blueman: Privilege escalation in blueman dbus API", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/19/1" - }, - { - "name" : "https://twitter.com/thegrugq/status/677809527882813440", - "refsource" : "MISC", - "url" : "https://twitter.com/thegrugq/status/677809527882813440" - }, - { - "name" : "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html" - }, - { - "name" : "https://github.com/blueman-project/blueman/issues/416", - "refsource" : "CONFIRM", - "url" : "https://github.com/blueman-project/blueman/issues/416" - }, - { - "name" : "https://github.com/blueman-project/blueman/releases/tag/2.0.3", - "refsource" : "CONFIRM", - "url" : "https://github.com/blueman-project/blueman/releases/tag/2.0.3" - }, - { - "name" : "DSA-3427", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3427" - }, - { - "name" : "SSA:2015-356-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.421085" - }, - { - "name" : "79688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "79688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79688" + }, + { + "name": "DSA-3427", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3427" + }, + { + "name": "46186", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46186/" + }, + { + "name": "SSA:2015-356-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.421085" + }, + { + "name": "https://twitter.com/thegrugq/status/677809527882813440", + "refsource": "MISC", + "url": "https://twitter.com/thegrugq/status/677809527882813440" + }, + { + "name": "[oss-security] 20151218 CVE request: Blueman: Privilege escalation in blueman dbus API", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/18/6" + }, + { + "name": "https://github.com/blueman-project/blueman/issues/416", + "refsource": "CONFIRM", + "url": "https://github.com/blueman-project/blueman/issues/416" + }, + { + "name": "[oss-security] 20151218 Re: CVE request: Blueman: Privilege escalation in blueman dbus API", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/19/1" + }, + { + "name": "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html" + }, + { + "name": "https://github.com/blueman-project/blueman/releases/tag/2.0.3", + "refsource": "CONFIRM", + "url": "https://github.com/blueman-project/blueman/releases/tag/2.0.3" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8792.json b/2015/8xxx/CVE-2015-8792.json index b284973bd62..e4688d1db94 100644 --- a/2015/8xxx/CVE-2015-8792.json +++ b/2015/8xxx/CVE-2015-8792.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes", - "refsource" : "MLIST", - "url" : "http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html" - }, - { - "name" : "https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog" - }, - { - "name" : "https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f", - "refsource" : "CONFIRM", - "url" : "https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f" - }, - { - "name" : "DSA-3526", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3526" - }, - { - "name" : "openSUSE-SU-2016:0125", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog" + }, + { + "name": "https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f", + "refsource": "CONFIRM", + "url": "https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f" + }, + { + "name": "openSUSE-SU-2016:0125", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html" + }, + { + "name": "DSA-3526", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3526" + }, + { + "name": "[matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes", + "refsource": "MLIST", + "url": "http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9266.json b/2015/9xxx/CVE-2015-9266.json index c7869a44289..c02948a69cb 100644 --- a/2015/9xxx/CVE-2015-9266.json +++ b/2015/9xxx/CVE-2015-9266.json @@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9266", - "STATE" : "PUBLIC", - "TITLE" : "Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "This vulnerability was reported by 93c08539." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.8, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9266", + "STATE": "PUBLIC", + "TITLE": "Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39701", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39701/" - }, - { - "name" : "39853", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39853/" - }, - { - "name" : "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940", - "refsource" : "MISC", - "url" : "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940" - }, - { - "name" : "https://hackerone.com/reports/73480", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/73480" - }, - { - "name" : "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload", - "refsource" : "MISC", - "url" : "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload" - }, - { - "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949", - "refsource" : "CONFIRM", - "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949" - }, - { - "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494", - "refsource" : "CONFIRM", - "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was reported by 93c08539." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload", + "refsource": "MISC", + "url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload" + }, + { + "name": "39701", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39701/" + }, + { + "name": "https://hackerone.com/reports/73480", + "refsource": "MISC", + "url": "https://hackerone.com/reports/73480" + }, + { + "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949", + "refsource": "CONFIRM", + "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949" + }, + { + "name": "39853", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39853/" + }, + { + "name": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940", + "refsource": "MISC", + "url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940" + }, + { + "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494", + "refsource": "CONFIRM", + "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5176.json b/2016/5xxx/CVE-2016-5176.json index 9a09779d1ec..958b98d1af5 100644 --- a/2016/5xxx/CVE-2016-5176.json +++ b/2016/5xxx/CVE-2016-5176.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/595838", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/595838" - }, - { - "name" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", - "refsource" : "CONFIRM", - "url" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" - }, - { - "name" : "RHSA-2016:1905", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1905.html" - }, - { - "name" : "93234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/595838", + "refsource": "CONFIRM", + "url": "https://crbug.com/595838" + }, + { + "name": "93234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93234" + }, + { + "name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", + "refsource": "CONFIRM", + "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" + }, + { + "name": "RHSA-2016:1905", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5426.json b/2016/5xxx/CVE-2016-5426.json index 92da85015ef..511cd5bdffd 100644 --- a/2016/5xxx/CVE-2016-5426.json +++ b/2016/5xxx/CVE-2016-5426.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-5426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-5426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160909 PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/09/3" - }, - { - "name" : "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/", - "refsource" : "CONFIRM", - "url" : "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/" - }, - { - "name" : "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3", - "refsource" : "CONFIRM", - "url" : "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3" - }, - { - "name" : "DSA-3664", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3664" - }, - { - "name" : "92917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92917" - }, - { - "name" : "1036761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3", + "refsource": "CONFIRM", + "url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3" + }, + { + "name": "1036761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036761" + }, + { + "name": "DSA-3664", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3664" + }, + { + "name": "92917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92917" + }, + { + "name": "[oss-security] 20160909 PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/09/3" + }, + { + "name": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/", + "refsource": "CONFIRM", + "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5876.json b/2016/5xxx/CVE-2016-5876.json index 7627dc4b5a5..edfbb2019a3 100644 --- a/2016/5xxx/CVE-2016-5876.json +++ b/2016/5xxx/CVE-2016-5876.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-010", - "refsource" : "CONFIRM", - "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-010" - }, - { - "name" : "95861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95861" + }, + { + "name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-010", + "refsource": "CONFIRM", + "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-010" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2383.json b/2018/2xxx/CVE-2018-2383.json index 298e0578903..3a0d7353927 100644 --- a/2018/2xxx/CVE-2018-2383.json +++ b/2018/2xxx/CVE-2018-2383.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Internet Graphics Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "7.20" - }, - { - "version_affected" : "=", - "version_value" : "7.20EXT" - }, - { - "version_affected" : "=", - "version_value" : "7.45" - }, - { - "version_affected" : "=", - "version_value" : "7.49" - }, - { - "version_affected" : "=", - "version_value" : "7.53" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Internet Graphics Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.20" + }, + { + "version_affected": "=", + "version_value": "7.20EXT" + }, + { + "version_affected": "=", + "version_value": "7.45" + }, + { + "version_affected": "=", + "version_value": "7.49" + }, + { + "version_affected": "=", + "version_value": "7.53" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2525222", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2525222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2525222", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2525222" + }, + { + "name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2489.json b/2018/2xxx/CVE-2018-2489.json index 59cef35cc7e..68a6c0c980c 100644 --- a/2018/2xxx/CVE-2018-2489.json +++ b/2018/2xxx/CVE-2018-2489.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Fiori Client", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "1.11.5" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Authorization Check" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Fiori Client", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.11.5" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2691126", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2691126" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2691126", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2691126" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2793.json b/2018/2xxx/CVE-2018-2793.json index cbcf5be16d3..c9009386cf0 100644 --- a/2018/2xxx/CVE-2018-2793.json +++ b/2018/2xxx/CVE-2018-2793.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103899" - }, - { - "name" : "1040701", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103899" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "1040701", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040701" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2813.json b/2018/2xxx/CVE-2018-2813.json index 9f9a028b755..96f8380fdd1 100644 --- a/2018/2xxx/CVE-2018-2813.json +++ b/2018/2xxx/CVE-2018-2813.json @@ -1,141 +1,141 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.59 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.6.39 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.21 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.59 and prior" + }, + { + "version_affected": "=", + "version_value": "5.6.39 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.21 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html" - }, - { - "name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180419-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180419-0002/" - }, - { - "name" : "DSA-4176", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4176" - }, - { - "name" : "DSA-4341", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4341" - }, - { - "name" : "RHSA-2018:1254", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1254" - }, - { - "name" : "RHSA-2018:2439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2439" - }, - { - "name" : "RHSA-2018:2729", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2729" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3629-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-1/" - }, - { - "name" : "USN-3629-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-2/" - }, - { - "name" : "USN-3629-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-3/" - }, - { - "name" : "103830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103830" - }, - { - "name" : "1040698", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4341", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4341" + }, + { + "name": "1040698", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040698" + }, + { + "name": "RHSA-2018:1254", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1254" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180419-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180419-0002/" + }, + { + "name": "RHSA-2018:2729", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2729" + }, + { + "name": "DSA-4176", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4176" + }, + { + "name": "103830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103830" + }, + { + "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html" + }, + { + "name": "[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "RHSA-2018:2439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2439" + }, + { + "name": "USN-3629-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-1/" + }, + { + "name": "USN-3629-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-2/" + }, + { + "name": "USN-3629-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-3/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6026.json b/2018/6xxx/CVE-2018-6026.json index 4f2c608c912..fff9dc7d11a 100644 --- a/2018/6xxx/CVE-2018-6026.json +++ b/2018/6xxx/CVE-2018-6026.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6026", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6026", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6200.json b/2018/6xxx/CVE-2018-6200.json index f5887bb1a0c..658786ef70f 100644 --- a/2018/6xxx/CVE-2018-6200.json +++ b/2018/6xxx/CVE-2018-6200.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cxsecurity.com/issue/WLB-2018010251", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2018010251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cxsecurity.com/issue/WLB-2018010251", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2018010251" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6576.json b/2018/6xxx/CVE-2018-6576.json index af42d0cc8bf..82a7c517c00 100644 --- a/2018/6xxx/CVE-2018-6576.json +++ b/2018/6xxx/CVE-2018-6576.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43949", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43949", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43949" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7451.json b/2018/7xxx/CVE-2018-7451.json index a1b616e2be2..f5208c0d581 100644 --- a/2018/7xxx/CVE-2018-7451.json +++ b/2018/7xxx/CVE-2018-7451.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7451", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7451", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7626.json b/2018/7xxx/CVE-2018-7626.json index 2c58e32f11b..3ce79ccdd9f 100644 --- a/2018/7xxx/CVE-2018-7626.json +++ b/2018/7xxx/CVE-2018-7626.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7626", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7626", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0172.json b/2019/0xxx/CVE-2019-0172.json index 5e6e56cbf26..560c3633c34 100644 --- a/2019/0xxx/CVE-2019-0172.json +++ b/2019/0xxx/CVE-2019-0172.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0172", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0172", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1057.json b/2019/1xxx/CVE-2019-1057.json index 30dc1c1c6bd..5b203747da5 100644 --- a/2019/1xxx/CVE-2019-1057.json +++ b/2019/1xxx/CVE-2019-1057.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1057", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1057", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1088.json b/2019/1xxx/CVE-2019-1088.json index 912fa96da26..eb86236a708 100644 --- a/2019/1xxx/CVE-2019-1088.json +++ b/2019/1xxx/CVE-2019-1088.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1088", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1088", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1797.json b/2019/1xxx/CVE-2019-1797.json index 1ef110fae96..5eb8760e77c 100644 --- a/2019/1xxx/CVE-2019-1797.json +++ b/2019/1xxx/CVE-2019-1797.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1797", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1797", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1844.json b/2019/1xxx/CVE-2019-1844.json index 8d57e323978..d0c90bf59de 100644 --- a/2019/1xxx/CVE-2019-1844.json +++ b/2019/1xxx/CVE-2019-1844.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1844", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1844", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5081.json b/2019/5xxx/CVE-2019-5081.json index 0ac1d1e7d1f..26cc482fbc0 100644 --- a/2019/5xxx/CVE-2019-5081.json +++ b/2019/5xxx/CVE-2019-5081.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5081", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5081", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5119.json b/2019/5xxx/CVE-2019-5119.json index 8869ed287bf..0ffcbebf908 100644 --- a/2019/5xxx/CVE-2019-5119.json +++ b/2019/5xxx/CVE-2019-5119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5168.json b/2019/5xxx/CVE-2019-5168.json index 8c5deaae4ff..8c63204bdd6 100644 --- a/2019/5xxx/CVE-2019-5168.json +++ b/2019/5xxx/CVE-2019-5168.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5168", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5168", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5967.json b/2019/5xxx/CVE-2019-5967.json index ab5e4ff54a0..4109844729e 100644 --- a/2019/5xxx/CVE-2019-5967.json +++ b/2019/5xxx/CVE-2019-5967.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5967", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5967", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file