diff --git a/1999/0xxx/CVE-1999-0075.json b/1999/0xxx/CVE-1999-0075.json index 8759bb81d92..32241850175 100644 --- a/1999/0xxx/CVE-1999-0075.json +++ b/1999/0xxx/CVE-1999-0075.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5742", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5742", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5742" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0642.json b/1999/0xxx/CVE-1999-0642.json index b362bc046ee..51dc2fe4be8 100644 --- a/1999/0xxx/CVE-1999-0642.json +++ b/1999/0xxx/CVE-1999-0642.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0642", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"A POP service is running.\"" - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-1999-0642", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"A POP service is running.\"" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0791.json b/1999/0xxx/CVE-1999-0791.json index 6300e0de4e9..62ec7991d05 100644 --- a/1999/0xxx/CVE-1999-0791.json +++ b/1999/0xxx/CVE-1999-0791.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/695" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1076.json b/1999/1xxx/CVE-1999-1076.json index 8dd1ce37f77..065d0aaa9f9 100644 --- a/1999/1xxx/CVE-1999-1076.json +++ b/1999/1xxx/CVE-1999-1076.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the \"Log Out\" option and selecting a \"Cancel\" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991026 Mac OS 9 Idle Lock Bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94096348604173&w=2" - }, - { - "name" : "745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the \"Log Out\" option and selecting a \"Cancel\" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991026 Mac OS 9 Idle Lock Bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94096348604173&w=2" + }, + { + "name": "745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/745" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1080.json b/1999/1xxx/CVE-1999-1080.json index 258bc41fe8a..8a83c520d40 100644 --- a/1999/1xxx/CVE-1999-1080.json +++ b/1999/1xxx/CVE-1999-1080.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990510 SunOS 5.7 rmmount, no nosuid.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=92633694100270&w=2" - }, - { - "name" : "19991011", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93971288323395&w=2" - }, - { - "name" : "250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/250" - }, - { - "name" : "solaris-rmmount-gain-root(8350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990510 SunOS 5.7 rmmount, no nosuid.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=92633694100270&w=2" + }, + { + "name": "250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/250" + }, + { + "name": "solaris-rmmount-gain-root(8350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8350" + }, + { + "name": "19991011", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93971288323395&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1292.json b/1999/1xxx/CVE-1999-1292.json index 57bb0385f2d..cdb743a37fe 100644 --- a/1999/1xxx/CVE-1999-1292.json +++ b/1999/1xxx/CVE-1999-1292.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 and earlier allows remote attackers to execute arbitrary commands via a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980901 Remote Buffer Overflow in the Kolban Webcam32 Program", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise7.php" - }, - { - "name" : "webcam32-buffer-overflow(1366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 and earlier allows remote attackers to execute arbitrary commands via a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980901 Remote Buffer Overflow in the Kolban Webcam32 Program", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise7.php" + }, + { + "name": "webcam32-buffer-overflow(1366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1366" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1351.json b/1999/1xxx/CVE-1999-1351.json index 68e43a3c75a..ffb0bd4269a 100644 --- a/1999/1xxx/CVE-1999-1351.json +++ b/1999/1xxx/CVE-1999-1351.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the \"Listen to !nick requests\" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990924 Kvirc bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93845560631314&w=2" - }, - { - "name" : "kvirc-dot-directory-traversal(7761)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7761.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the \"Listen to !nick requests\" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kvirc-dot-directory-traversal(7761)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7761.php" + }, + { + "name": "19990924 Kvirc bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93845560631314&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1459.json b/1999/1xxx/CVE-1999-1459.json index c0ed0c6a57f..5cfe9f619aa 100644 --- a/1999/1xxx/CVE-1999-1459.json +++ b/1999/1xxx/CVE-1999-1459.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19981102 BMC PATROL File Creation Vulnerability", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise10.php" - }, - { - "name" : "bmc-patrol-file-create(1388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1388" - }, - { - "name" : "534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bmc-patrol-file-create(1388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1388" + }, + { + "name": "19981102 BMC PATROL File Creation Vulnerability", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise10.php" + }, + { + "name": "534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/534" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0050.json b/2000/0xxx/CVE-2000-0050.json index 25a04c812b1..4ff8a8ecea3 100644 --- a/2000/0xxx/CVE-2000-0050.json +++ b/2000/0xxx/CVE-2000-0050.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ASB00-01", - "refsource" : "ALLAIRE", - "url" : "http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full" - }, - { - "name" : "915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/915" + }, + { + "name": "ASB00-01", + "refsource": "ALLAIRE", + "url": "http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0506.json b/2000/0xxx/CVE-2000-0506.json index 398b6739838..097e69fda5b 100644 --- a/2000/0xxx/CVE-2000-0506.json +++ b/2000/0xxx/CVE-2000-0506.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"capabilities\" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the \"Linux kernel setuid/setcap vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl" - }, - { - "name" : "RHSA-2000:037", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-037.html" - }, - { - "name" : "20000802-01-P", - "refsource" : "SGI", - "url" : "ftp://sgigate.sgi.com/security/20000802-01-P" - }, - { - "name" : "20000609 Trustix Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html" - }, - { - "name" : "20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html" - }, - { - "name" : "1322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"capabilities\" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the \"Linux kernel setuid/setcap vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2000:037", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-037.html" + }, + { + "name": "1322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1322" + }, + { + "name": "20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl" + }, + { + "name": "20000609 Trustix Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html" + }, + { + "name": "20000802-01-P", + "refsource": "SGI", + "url": "ftp://sgigate.sgi.com/security/20000802-01-P" + }, + { + "name": "20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0531.json b/2000/0xxx/CVE-2000-0531.json index c2ea715fd5d..7866ed72f63 100644 --- a/2000/0xxx/CVE-2000-0531.json +++ b/2000/0xxx/CVE-2000-0531.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000620 Bug in gpm", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000@apollo.aci.com.pl" - }, - { - "name" : "RHSA-2000:045", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-045.html" - }, - { - "name" : "20000728 MDKSA:2000-025 gpm update", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.html" - }, - { - "name" : "1377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1377" - }, - { - "name" : "linux-gpm-gpmctl-dos(5010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000620 Bug in gpm", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000@apollo.aci.com.pl" + }, + { + "name": "1377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1377" + }, + { + "name": "RHSA-2000:045", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-045.html" + }, + { + "name": "linux-gpm-gpmctl-dos(5010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5010" + }, + { + "name": "20000728 MDKSA:2000-025 gpm update", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0409.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0596.json b/2000/0xxx/CVE-2000-0596.json index 5d6ab408ac0..55cd5e42baf 100644 --- a/2000/0xxx/CVE-2000-0596.json +++ b/2000/0xxx/CVE-2000-0596.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the \"IE Script\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000627 IE 5 and Access 2000 vulnerability - executing programs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg" - }, - { - "name" : "20000627 FW: IE 5 and Access 2000 vulnerability - executing programs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu" - }, - { - "name" : "MS00-049", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049" - }, - { - "name" : "CA-2000-16", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2000-16.html" - }, - { - "name" : "1398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the \"IE Script\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000627 FW: IE 5 and Access 2000 vulnerability - executing programs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu" + }, + { + "name": "1398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1398" + }, + { + "name": "MS00-049", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049" + }, + { + "name": "20000627 IE 5 and Access 2000 vulnerability - executing programs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg" + }, + { + "name": "CA-2000-16", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2000-16.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0734.json b/2000/0xxx/CVE-2000-0734.json index 1e87980c3c1..40c2bc585d9 100644 --- a/2000/0xxx/CVE-2000-0734.json +++ b/2000/0xxx/CVE-2000-0734.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000831 Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=96774637326591&w=2" - }, - { - "name" : "1627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000831 Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=96774637326591&w=2" + }, + { + "name": "1627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1627" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0876.json b/2000/0xxx/CVE-2000-0876.json index eca5cac2413..df3da209472 100644 --- a/2000/0xxx/CVE-2000-0876.json +++ b/2000/0xxx/CVE-2000-0876.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a \"%C\" command, which generates an error message that includes the pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html" - }, - { - "name" : "wftpd-path-disclosure(5196)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5196" - }, - { - "name" : "5829", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a \"%C\" command, which generates an error message that includes the pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wftpd-path-disclosure(5196)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5196" + }, + { + "name": "20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html" + }, + { + "name": "5829", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5829" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1041.json b/2000/1xxx/CVE-2000-1041.json index 3abd935f35b..9a564e74ae4 100644 --- a/2000/1xxx/CVE-2000-1041.json +++ b/2000/1xxx/CVE-2000-1041.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2000:064", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1" - }, - { - "name" : "SuSE-SA:2000:042", - "refsource" : "SUSE", - "url" : "http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html" - }, - { - "name" : "CSSA-2000-039.0", - "refsource" : "CALDERA", - "url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt" - }, - { - "name" : "ypbind-remote-bo(5759)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ypbind-remote-bo(5759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5759" + }, + { + "name": "SuSE-SA:2000:042", + "refsource": "SUSE", + "url": "http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html" + }, + { + "name": "CSSA-2000-039.0", + "refsource": "CALDERA", + "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt" + }, + { + "name": "MDKSA-2000:064", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2140.json b/2005/2xxx/CVE-2005-2140.json index 0119062b591..f16ef4fa21e 100644 --- a/2005/2xxx/CVE-2005-2140.json +++ b/2005/2xxx/CVE-2005-2140.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via \"..\" sequences in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via \"..\" sequences in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14111" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2307.json b/2005/2xxx/CVE-2005-2307.json index 7633a18ee29..687d91fc012 100644 --- a/2005/2xxx/CVE-2005-2307.json +++ b/2005/2xxx/CVE-2005-2307.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka \"Network Connection Manager Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" - }, - { - "name" : "MS05-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-045" - }, - { - "name" : "14260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14260" - }, - { - "name" : "oval:org.mitre.oval:def:1250", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1250" - }, - { - "name" : "oval:org.mitre.oval:def:1254", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1254" - }, - { - "name" : "oval:org.mitre.oval:def:1289", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1289" - }, - { - "name" : "oval:org.mitre.oval:def:1532", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1532" - }, - { - "name" : "oval:org.mitre.oval:def:786", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A786" - }, - { - "name" : "16065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16065" - }, - { - "name" : "17172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17172" - }, - { - "name" : "17223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka \"Network Connection Manager Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14260" + }, + { + "name": "16065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16065" + }, + { + "name": "oval:org.mitre.oval:def:1532", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1532" + }, + { + "name": "oval:org.mitre.oval:def:1250", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1250" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" + }, + { + "name": "oval:org.mitre.oval:def:1254", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1254" + }, + { + "name": "17223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17223" + }, + { + "name": "17172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17172" + }, + { + "name": "MS05-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-045" + }, + { + "name": "oval:org.mitre.oval:def:1289", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1289" + }, + { + "name": "oval:org.mitre.oval:def:786", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A786" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2371.json b/2005/2xxx/CVE-2005-2371.json index b2b69c4bfed..6e406b80f09 100644 --- a/2005/2xxx/CVE-2005-2371.json +++ b/2005/2xxx/CVE-2005-2371.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) \"..\", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112180096507467&w=2" - }, - { - "name" : "20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422257/30/7430/threaded" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "14309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14309" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1014524", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014524" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) \"..\", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "14309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14309" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422257/30/7430/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html" + }, + { + "name": "1014524", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014524" + }, + { + "name": "20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112180096507467&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2949.json b/2005/2xxx/CVE-2005-2949.json index 0f2771d09db..e8b0482dc3a 100644 --- a/2005/2xxx/CVE-2005-2949.json +++ b/2005/2xxx/CVE-2005-2949.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050912 Security Flaw in pam_per_user Module", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112654636915661&w=2" - }, - { - "name" : "14813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14813" - }, - { - "name" : "16781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16781/" - }, - { - "name" : "2", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2" + }, + { + "name": "16781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16781/" + }, + { + "name": "14813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14813" + }, + { + "name": "20050912 Security Flaw in pam_per_user Module", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112654636915661&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3052.json b/2005/3xxx/CVE-2005-3052.json index eb643e17d05..b2f439b255a 100644 --- a/2005/3xxx/CVE-2005-3052.json +++ b/2005/3xxx/CVE-2005-3052.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050923 Sql injection in jPortal version 2.3.1 (module download)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112748957426316&w=2" - }, - { - "name" : "20", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/20" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/20" + }, + { + "name": "20050923 Sql injection in jPortal version 2.3.1 (module download)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112748957426316&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3367.json b/2005/3xxx/CVE-2005-3367.json index ff292b9c42d..3a1d35ce546 100644 --- a/2005/3xxx/CVE-2005-3367.json +++ b/2005/3xxx/CVE-2005-3367.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051025 SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113029164931570&w=2" - }, - { - "name" : "15202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15202" - }, - { - "name" : "118", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15202" + }, + { + "name": "20051025 SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113029164931570&w=2" + }, + { + "name": "118", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/118" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3823.json b/2005/3xxx/CVE-2005-3823.json index b6603f0f59a..d3750511cec 100644 --- a/2005/3xxx/CVE-2005-3823.json +++ b/2005/3xxx/CVE-2005-3823.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM ", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113290708121951&w=2" - }, - { - "name" : "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM ", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417711/30/0/threaded" - }, - { - "name" : "15569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15569" - }, - { - "name" : "ADV-2005-2569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2569" - }, - { - "name" : "1015274", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015274" - }, - { - "name" : "17693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM", + "url": "http://www.securityfocus.com/archive/1/417711/30/0/threaded" + }, + { + "name": "15569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15569" + }, + { + "name": "ADV-2005-2569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2569" + }, + { + "name": "1015274", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015274" + }, + { + "refsource": "FULLDISC", + "name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM", + "url": "http://marc.info/?l=full-disclosure&m=113290708121951&w=2" + }, + { + "name": "17693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17693" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4560.json b/2005/4xxx/CVE-2005-4560.json index 20be2942a77..963d9842f17 100644 --- a/2005/4xxx/CVE-2005-4560.json +++ b/2005/4xxx/CVE-2005-4560.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051227 Is this a new exploit?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420288/100/0/threaded" - }, - { - "name" : "20051228 Re: Is this a new exploit?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420367/100/0/threaded" - }, - { - "name" : "20051227 Exploitation of Windows WMF on the web", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420351/100/0/threaded" - }, - { - "name" : "20051228 RE: [Full-disclosure] Someone wasted a nice bug on spyware...", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420357/100/0/threaded" - }, - { - "name" : "20051228 WMF Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420378/100/0/threaded" - }, - { - "name" : "20051229 WMF exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420446/100/0/threaded" - }, - { - "name" : "20060103 WMF SETABORTPROC exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420684/100/0/threaded" - }, - { - "name" : "20060103 WMF round-up, updates and de-mystification", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420682/100/0/threaded" - }, - { - "name" : "20060103 Re: [funsec] WMF round-up, updates and de-mystification", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420687/100/0/threaded" - }, - { - "name" : "20060104 Another WMF exploit workaround", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420773/100/0/threaded" - }, - { - "name" : "20051229 RE: WMF Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420546/30/7730/threaded" - }, - { - "name" : "20060101 Re: RE: WMF Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420664/30/7730/threaded" - }, - { - "name" : "http://linuxbox.org/pipermail/funsec/2006-January/002455.html", - "refsource" : "MISC", - "url" : "http://linuxbox.org/pipermail/funsec/2006-January/002455.html" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/archive-122005.html#00000753", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/archive-122005.html#00000753" - }, - { - "name" : "http://vil.mcafeesecurity.com/vil/content/v_137760.htm", - "refsource" : "MISC", - "url" : "http://vil.mcafeesecurity.com/vil/content/v_137760.htm" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/912840.mspx", - "refsource" : "MISC", - "url" : "http://www.microsoft.com/technet/security/advisory/912840.mspx" - }, - { - "name" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375341", - "refsource" : "MISC", - "url" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375341" - }, - { - "name" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420", - "refsource" : "MISC", - "url" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420" - }, - { - "name" : "MS06-001", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-001" - }, - { - "name" : "TA05-362A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-362A.html" - }, - { - "name" : "TA06-005A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-005A.html" - }, - { - "name" : "VU#181038", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/181038" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-001.htm", - "refsource" : "MISC", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-001.htm" - }, - { - "name" : "16074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16074" - }, - { - "name" : "ADV-2005-3086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3086" - }, - { - "name" : "oval:org.mitre.oval:def:1433", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1433" - }, - { - "name" : "oval:org.mitre.oval:def:1431", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1431" - }, - { - "name" : "oval:org.mitre.oval:def:1460", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1460" - }, - { - "name" : "oval:org.mitre.oval:def:1492", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1492" - }, - { - "name" : "oval:org.mitre.oval:def:1564", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1564" - }, - { - "name" : "oval:org.mitre.oval:def:1612", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1612" - }, - { - "name" : "1015416", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015416" - }, - { - "name" : "18255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18255" - }, - { - "name" : "18364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18364" - }, - { - "name" : "18311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18311" - }, - { - "name" : "18415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18415" - }, - { - "name" : "win-wmf-execute-code(23846)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://vil.mcafeesecurity.com/vil/content/v_137760.htm", + "refsource": "MISC", + "url": "http://vil.mcafeesecurity.com/vil/content/v_137760.htm" + }, + { + "name": "20051228 Re: Is this a new exploit?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420367/100/0/threaded" + }, + { + "name": "http://www.f-secure.com/weblog/archives/archive-122005.html#00000753", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/archive-122005.html#00000753" + }, + { + "name": "20051228 WMF Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420378/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1492", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1492" + }, + { + "name": "20051228 RE: [Full-disclosure] Someone wasted a nice bug on spyware...", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420357/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1564", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1564" + }, + { + "name": "18255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18255" + }, + { + "name": "oval:org.mitre.oval:def:1612", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1612" + }, + { + "name": "ADV-2005-3086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3086" + }, + { + "name": "1015416", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015416" + }, + { + "name": "20051227 Exploitation of Windows WMF on the web", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420351/100/0/threaded" + }, + { + "name": "20051229 WMF exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420446/100/0/threaded" + }, + { + "name": "win-wmf-execute-code(23846)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23846" + }, + { + "name": "18364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18364" + }, + { + "name": "20060104 Another WMF exploit workaround", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420773/100/0/threaded" + }, + { + "name": "18415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18415" + }, + { + "name": "20060101 Re: RE: WMF Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420664/30/7730/threaded" + }, + { + "name": "20060103 Re: [funsec] WMF round-up, updates and de-mystification", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420687/100/0/threaded" + }, + { + "name": "20060103 WMF round-up, updates and de-mystification", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420682/100/0/threaded" + }, + { + "name": "18311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18311" + }, + { + "name": "TA05-362A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-362A.html" + }, + { + "name": "http://linuxbox.org/pipermail/funsec/2006-January/002455.html", + "refsource": "MISC", + "url": "http://linuxbox.org/pipermail/funsec/2006-January/002455.html" + }, + { + "name": "20051229 RE: WMF Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420546/30/7730/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1431", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1431" + }, + { + "name": "20051227 Is this a new exploit?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420288/100/0/threaded" + }, + { + "name": "VU#181038", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/181038" + }, + { + "name": "oval:org.mitre.oval:def:1460", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1460" + }, + { + "name": "16074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16074" + }, + { + "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375341", + "refsource": "MISC", + "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375341" + }, + { + "name": "MS06-001", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-001" + }, + { + "name": "20060103 WMF SETABORTPROC exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420684/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1433", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1433" + }, + { + "name": "TA06-005A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-005A.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-001.htm", + "refsource": "MISC", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-001.htm" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/912840.mspx", + "refsource": "MISC", + "url": "http://www.microsoft.com/technet/security/advisory/912840.mspx" + }, + { + "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420", + "refsource": "MISC", + "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2472.json b/2009/2xxx/CVE-2009-2472.json index 15ada5b3967..48586fb84d4 100644 --- a/2009/2xxx/CVE-2009-2472.json +++ b/2009/2xxx/CVE-2009-2472.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a \"cross origin wrapper bypass.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-40.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-40.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479288", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479288" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=481434", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=481434" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=497102", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=497102" - }, - { - "name" : "FEDORA-2009-7961", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html" - }, - { - "name" : "RHSA-2009:1162", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-1162.html" - }, - { - "name" : "265068", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1" - }, - { - "name" : "1020800", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1" - }, - { - "name" : "SUSE-SA:2009:042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:039", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html" - }, - { - "name" : "35758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35758" - }, - { - "name" : "oval:org.mitre.oval:def:9497", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9497" - }, - { - "name" : "35914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35914" - }, - { - "name" : "35944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35944" - }, - { - "name" : "36145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36145" - }, - { - "name" : "36005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36005" - }, - { - "name" : "ADV-2009-1972", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1972" - }, - { - "name" : "ADV-2009-2152", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a \"cross origin wrapper bypass.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "265068", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1" + }, + { + "name": "1020800", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1" + }, + { + "name": "FEDORA-2009-7961", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html" + }, + { + "name": "36145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36145" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-40.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-40.html" + }, + { + "name": "35944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35944" + }, + { + "name": "SUSE-SA:2009:039", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=481434", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481434" + }, + { + "name": "RHSA-2009:1162", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-1162.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=479288", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=479288" + }, + { + "name": "35758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35758" + }, + { + "name": "ADV-2009-2152", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2152" + }, + { + "name": "36005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36005" + }, + { + "name": "oval:org.mitre.oval:def:9497", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9497" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=497102", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=497102" + }, + { + "name": "SUSE-SA:2009:042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html" + }, + { + "name": "35914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35914" + }, + { + "name": "ADV-2009-1972", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1972" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2485.json b/2009/2xxx/CVE-2009-2485.json index 67ca75dccb3..7abab97c561 100644 --- a/2009/2xxx/CVE-2009-2485.json +++ b/2009/2xxx/CVE-2009-2485.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9034", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9034", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9034" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2634.json b/2009/2xxx/CVE-2009-2634.json index 2f67448e1b0..df3c6a1b5c2 100644 --- a/2009/2xxx/CVE-2009-2634.json +++ b/2009/2xxx/CVE-2009-2634.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8912", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8912", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8912" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2787.json b/2009/2xxx/CVE-2009-2787.json index a7274907030..e727771742a 100644 --- a/2009/2xxx/CVE-2009-2787.json +++ b/2009/2xxx/CVE-2009-2787.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9315", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9315" - }, - { - "name" : "http://packetstormsecurity.org/0907-exploits/punbbrep-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/punbbrep-lfi.txt" - }, - { - "name" : "56613", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56613" - }, - { - "name" : "36020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36020" - }, - { - "name" : "punbb-reputation-repprofile-file-include(52138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56613", + "refsource": "OSVDB", + "url": "http://osvdb.org/56613" + }, + { + "name": "9315", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9315" + }, + { + "name": "punbb-reputation-repprofile-file-include(52138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52138" + }, + { + "name": "36020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36020" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/punbbrep-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/punbbrep-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2821.json b/2009/2xxx/CVE-2009-2821.json index 2972de91a8d..d2f3f738b63 100644 --- a/2009/2xxx/CVE-2009-2821.json +++ b/2009/2xxx/CVE-2009-2821.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2821", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2821", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2975.json b/2009/2xxx/CVE-2009-2975.json index 26d757e4741..295b6ea72dc 100644 --- a/2009/2xxx/CVE-2009-2975.json +++ b/2009/2xxx/CVE-2009-2975.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090825 RE: DoS vulnerability in Google Chrome", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-08/0234.html" - }, - { - "name" : "20090825 Re: DoS vulnerability in Google Chrome", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-08/0236.html" - }, - { - "name" : "20090825 Re: DoS vulnerability in Google Chrome", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-08/0246.html" - }, - { - "name" : "firefox-doclocation-dos(52923)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "firefox-doclocation-dos(52923)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52923" + }, + { + "name": "20090825 RE: DoS vulnerability in Google Chrome", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0234.html" + }, + { + "name": "20090825 Re: DoS vulnerability in Google Chrome", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0236.html" + }, + { + "name": "20090825 Re: DoS vulnerability in Google Chrome", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0246.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3534.json b/2009/3xxx/CVE-2009-3534.json index 43897c940ca..81b3ec49778 100644 --- a/2009/3xxx/CVE-2009-3534.json +++ b/2009/3xxx/CVE-2009-3534.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9119", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9119" - }, - { - "name" : "55801", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55801" - }, - { - "name" : "35774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35774" - }, - { - "name" : "lionwiki-page-file-include(51659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9119", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9119" + }, + { + "name": "55801", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55801" + }, + { + "name": "35774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35774" + }, + { + "name": "lionwiki-page-file-include(51659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51659" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3669.json b/2009/3xxx/CVE-2009-3669.json index d19b2514fe4..8976bf1a721 100644 --- a/2009/3xxx/CVE-2009-3669.json +++ b/2009/3xxx/CVE-2009-3669.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9697", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9697" - }, - { - "name" : "36425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36425" + }, + { + "name": "9697", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9697" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3767.json b/2009/3xxx/CVE-2009-3767.json index 864e488e8cf..39ea159e19b 100644 --- a/2009/3xxx/CVE-2009-3767.json +++ b/2009/3xxx/CVE-2009-3767.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090903 More CVE-2009-2408 like issues", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125198917018936&w=2" - }, - { - "name" : "[oss-security] 20090923 Re: More CVE-2009-2408 like issues", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125369675820512&w=2" - }, - { - "name" : "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=h", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=h" - }, - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "FEDORA-2010-0752", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html" - }, - { - "name" : "GLSA-201406-36", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-36.xml" - }, - { - "name" : "RHSA-2010:0543", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0543.html" - }, - { - "name" : "RHSA-2011:0896", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0896.html" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "oval:org.mitre.oval:def:11178", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178" - }, - { - "name" : "oval:org.mitre.oval:def:7274", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274" - }, - { - "name" : "38769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38769" - }, - { - "name" : "40677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40677" - }, - { - "name" : "ADV-2009-3056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3056" - }, - { - "name" : "ADV-2010-1858", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-0752", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html" + }, + { + "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125369675820512&w=2" + }, + { + "name": "GLSA-201406-36", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml" + }, + { + "name": "oval:org.mitre.oval:def:11178", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178" + }, + { + "name": "ADV-2010-1858", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1858" + }, + { + "name": "40677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40677" + }, + { + "name": "oval:org.mitre.oval:def:7274", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274" + }, + { + "name": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=h", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=h" + }, + { + "name": "ADV-2009-3056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3056" + }, + { + "name": "RHSA-2010:0543", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html" + }, + { + "name": "RHSA-2011:0896", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "38769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38769" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + }, + { + "name": "[oss-security] 20090903 More CVE-2009-2408 like issues", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125198917018936&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0036.json b/2015/0xxx/CVE-2015-0036.json index 2a9128e0095..feed037a708 100644 --- a/2015/0xxx/CVE-2015-0036.json +++ b/2015/0xxx/CVE-2015-0036.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72446" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72446" + }, + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0390.json b/2015/0xxx/CVE-2015-0390.json index 3917209e326..8f287379671 100644 --- a/2015/0xxx/CVE-2015-0390.json +++ b/2015/0xxx/CVE-2015-0390.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Xstore Point of Sale." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72247" - }, - { - "name" : "1031591", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031591" - }, - { - "name" : "oracle-cpujan2015-cve20150390(100138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Xstore Point of Sale." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031591", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031591" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "oracle-cpujan2015-cve20150390(100138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100138" + }, + { + "name": "72247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72247" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0472.json b/2015/0xxx/CVE-2015-0472.json index 3774f256d35..ac922315a9f 100644 --- a/2015/0xxx/CVE-2015-0472.json +++ b/2015/0xxx/CVE-2015-0472.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2015-0487." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "1032125", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2015-0487." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032125", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032125" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0602.json b/2015/0xxx/CVE-2015-0602.json index 2c37ebcd914..addd7370d6a 100644 --- a/2015/0xxx/CVE-2015-0602.json +++ b/2015/0xxx/CVE-2015-0602.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37342", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37342" - }, - { - "name" : "20150203 Cisco Unified IP Phone 9900 Series Data Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0602" - }, - { - "name" : "72482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72482" - }, - { - "name" : "cisco-unifiedipphone-cve20150602-info-disc(100615)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-unifiedipphone-cve20150602-info-disc(100615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100615" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37342", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37342" + }, + { + "name": "72482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72482" + }, + { + "name": "20150203 Cisco Unified IP Phone 9900 Series Data Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0602" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0603.json b/2015/0xxx/CVE-2015-0603.json index fe26c05700b..6bf8cc59474 100644 --- a/2015/0xxx/CVE-2015-0603.json +++ b/2015/0xxx/CVE-2015-0603.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37345", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37345" - }, - { - "name" : "20150203 Cisco Unified IP Phone 9900 Series Insecure Device Permissions Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0603" - }, - { - "name" : "72484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72484" - }, - { - "name" : "cisco-unifiedipphone-cve20150603-dos(100619)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72484" + }, + { + "name": "20150203 Cisco Unified IP Phone 9900 Series Insecure Device Permissions Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0603" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37345", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37345" + }, + { + "name": "cisco-unifiedipphone-cve20150603-dos(100619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100619" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1409.json b/2015/1xxx/CVE-2015-1409.json index 1e4206b8eb7..53de4397625 100644 --- a/2015/1xxx/CVE-2015-1409.json +++ b/2015/1xxx/CVE-2015-1409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1409", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1409", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1773.json b/2015/1xxx/CVE-2015-1773.json index 84111c16f22..bc54dd39d38 100644 --- a/2015/1xxx/CVE-2015-1773.json +++ b/2015/1xxx/CVE-2015-1773.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150407 CVE-2015-1773 Apache Flex reflected XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Apr/42" - }, - { - "name" : "https://helpx.adobe.com/security/products/flex/apsb15-08.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flex/apsb15-08.html" - }, - { - "name" : "73954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73954" - }, - { - "name" : "1032107", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150407 CVE-2015-1773 Apache Flex reflected XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Apr/42" + }, + { + "name": "73954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73954" + }, + { + "name": "https://helpx.adobe.com/security/products/flex/apsb15-08.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flex/apsb15-08.html" + }, + { + "name": "1032107", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032107" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4010.json b/2015/4xxx/CVE-2015-4010.json index 72870a903e9..526baff3b54 100644 --- a/2015/4xxx/CVE-2015-4010.json +++ b/2015/4xxx/CVE-2015-4010.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150606 CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535699/100/0/threaded" - }, - { - "name" : "37264", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37264/" - }, - { - "name" : "20150515 CSRF & XSS vulnerabilities in Encrypted Contact Form Wordpress Plugin v1.0.4", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/May/63" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/7992", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/7992" - }, - { - "name" : "http://packetstormsecurity.com/files/132209/WordPress-Encrypted-Contact-Form-1.0.4-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132209/WordPress-Encrypted-Contact-Form-1.0.4-CSRF-XSS.html" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/1125443/", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/1125443/" - }, - { - "name" : "https://wordpress.org/plugins/encrypted-contact-form/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/encrypted-contact-form/changelog/" - }, - { - "name" : "HPSBUX03281", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142607790919348&w=2" - }, - { - "name" : "SSRT101968", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142607790919348&w=2" - }, - { - "name" : "73433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37264", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37264/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/7992", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/7992" + }, + { + "name": "https://wordpress.org/plugins/encrypted-contact-form/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/encrypted-contact-form/changelog/" + }, + { + "name": "73433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73433" + }, + { + "name": "http://packetstormsecurity.com/files/132209/WordPress-Encrypted-Contact-Form-1.0.4-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132209/WordPress-Encrypted-Contact-Form-1.0.4-CSRF-XSS.html" + }, + { + "name": "HPSBUX03281", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2" + }, + { + "name": "20150515 CSRF & XSS vulnerabilities in Encrypted Contact Form Wordpress Plugin v1.0.4", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/May/63" + }, + { + "name": "20150606 CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535699/100/0/threaded" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1125443/", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/1125443/" + }, + { + "name": "SSRT101968", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4782.json b/2015/4xxx/CVE-2015-4782.json index eefbffc18ff..509019624f9 100644 --- a/2015/4xxx/CVE-2015-4782.json +++ b/2015/4xxx/CVE-2015-4782.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4947.json b/2015/4xxx/CVE-2015-4947.json index d11feaf656f..afad7f628cb 100644 --- a/2015/4xxx/CVE-2015-4947.json +++ b/2015/4xxx/CVE-2015-4947.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965419", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965419" - }, - { - "name" : "PI44793", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI44793" - }, - { - "name" : "PI45596", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI45596" - }, - { - "name" : "76658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76658" - }, - { - "name" : "1033512", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21965419", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965419" + }, + { + "name": "76658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76658" + }, + { + "name": "PI45596", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI45596" + }, + { + "name": "PI44793", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI44793" + }, + { + "name": "1033512", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033512" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4977.json b/2015/4xxx/CVE-2015-4977.json index 854bafa2b08..0bbd9ee8aea 100644 --- a/2015/4xxx/CVE-2015-4977.json +++ b/2015/4xxx/CVE-2015-4977.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4977", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4977", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8071.json b/2015/8xxx/CVE-2015-8071.json index be0e0234a0a..d1740ecb0b5 100644 --- a/2015/8xxx/CVE-2015-8071.json +++ b/2015/8xxx/CVE-2015-8071.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9119.json b/2015/9xxx/CVE-2015-9119.json index ec454e92573..c4d4f2755de 100644 --- a/2015/9xxx/CVE-2015-9119.json +++ b/2015/9xxx/CVE-2015-9119.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, sensitive information may be returned to the QMI client as a response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overread vulnerability in Core." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, sensitive information may be returned to the QMI client as a response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overread vulnerability in Core." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9243.json b/2015/9xxx/CVE-2015-9243.json index f0deada3172..a5c3c48278b 100644 --- a/2015/9xxx/CVE-2015-9243.json +++ b/2015/9xxx/CVE-2015-9243.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2015-9243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "hapi node module", - "version" : { - "version_data" : [ - { - "version_value" : "<11.1.4" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control - Generic (CWE-284)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2015-9243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "hapi node module", + "version": { + "version_data": [ + { + "version_value": "<11.1.4" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hapijs/hapi/issues/2980", - "refsource" : "MISC", - "url" : "https://github.com/hapijs/hapi/issues/2980" - }, - { - "name" : "https://nodesecurity.io/advisories/65", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/65" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hapijs/hapi/issues/2980", + "refsource": "MISC", + "url": "https://github.com/hapijs/hapi/issues/2980" + }, + { + "name": "https://nodesecurity.io/advisories/65", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/65" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2048.json b/2018/2xxx/CVE-2018-2048.json index 2c7556ed68f..916cc118125 100644 --- a/2018/2xxx/CVE-2018-2048.json +++ b/2018/2xxx/CVE-2018-2048.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2048", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2048", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2203.json b/2018/2xxx/CVE-2018-2203.json index 04d64a34888..d1af37095d5 100644 --- a/2018/2xxx/CVE-2018-2203.json +++ b/2018/2xxx/CVE-2018-2203.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2203", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2203", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2616.json b/2018/2xxx/CVE-2018-2616.json index 4d57de96b88..c9ebaeb1c36 100644 --- a/2018/2xxx/CVE-2018-2616.json +++ b/2018/2xxx/CVE-2018-2616.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OSS Support Tools", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "2.11.33" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSS Support Tools", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.11.33" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102644" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2912.json b/2018/2xxx/CVE-2018-2912.json index 5a7d90c16aa..6c4ae714981 100644 --- a/2018/2xxx/CVE-2018-2912.json +++ b/2018/2xxx/CVE-2018-2912.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GoldenGate", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.2.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GoldenGate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.2.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.0.2.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-31", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-31" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105651" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://www.tenable.com/security/research/tra-2018-31", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-31" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6161.json b/2018/6xxx/CVE-2018-6161.json index 4bb69224ee3..603338fb23d 100644 --- a/2018/6xxx/CVE-2018-6161.json +++ b/2018/6xxx/CVE-2018-6161.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6161", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6161", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6545.json b/2018/6xxx/CVE-2018-6545.json index 6bde326bd28..734004fe4f7 100644 --- a/2018/6xxx/CVE-2018-6545.json +++ b/2018/6xxx/CVE-2018-6545.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crowdshield.com/blog.php?name=ipswitch-moveit-stored-xss", - "refsource" : "MISC", - "url" : "https://crowdshield.com/blog.php?name=ipswitch-moveit-stored-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crowdshield.com/blog.php?name=ipswitch-moveit-stored-xss", + "refsource": "MISC", + "url": "https://crowdshield.com/blog.php?name=ipswitch-moveit-stored-xss" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7021.json b/2018/7xxx/CVE-2018-7021.json index 3837b2b222b..760a221c360 100644 --- a/2018/7xxx/CVE-2018-7021.json +++ b/2018/7xxx/CVE-2018-7021.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7021", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7021", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7036.json b/2018/7xxx/CVE-2018-7036.json index d13598436f8..8f3fb4107b2 100644 --- a/2018/7xxx/CVE-2018-7036.json +++ b/2018/7xxx/CVE-2018-7036.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7036", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7036", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7087.json b/2018/7xxx/CVE-2018-7087.json index 0647ed36928..2919f348337 100644 --- a/2018/7xxx/CVE-2018-7087.json +++ b/2018/7xxx/CVE-2018-7087.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7087", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7087", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7565.json b/2018/7xxx/CVE-2018-7565.json index c9bd86e5e40..c74658a2577 100644 --- a/2018/7xxx/CVE-2018-7565.json +++ b/2018/7xxx/CVE-2018-7565.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSRF exists on Polycom QDX 6000 devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerabilities-qdx-6000-1-0.pdf", - "refsource" : "CONFIRM", - "url" : "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerabilities-qdx-6000-1-0.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSRF exists on Polycom QDX 6000 devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerabilities-qdx-6000-1-0.pdf", + "refsource": "CONFIRM", + "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerabilities-qdx-6000-1-0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7582.json b/2018/7xxx/CVE-2018-7582.json index c9e3c5b56ff..c4b24a8bad6 100644 --- a/2018/7xxx/CVE-2018-7582.json +++ b/2018/7xxx/CVE-2018-7582.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44271", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44271/" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-DENIAL-OF-SERVICE.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-DENIAL-OF-SERVICE.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/146698/WebLog-Expert-Web-Server-Enterprise-9.4-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146698/WebLog-Expert-Web-Server-Enterprise-9.4-Denial-Of-Service.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/146698/WebLog-Expert-Web-Server-Enterprise-9.4-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146698/WebLog-Expert-Web-Server-Enterprise-9.4-Denial-Of-Service.html" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-DENIAL-OF-SERVICE.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-DENIAL-OF-SERVICE.txt" + }, + { + "name": "44271", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44271/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7823.json b/2018/7xxx/CVE-2018-7823.json index ccac61e3bb0..d6bec0d55f5 100644 --- a/2018/7xxx/CVE-2018-7823.json +++ b/2018/7xxx/CVE-2018-7823.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7823", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7823", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5258.json b/2019/5xxx/CVE-2019-5258.json index dee3d63e7ec..332a8384aae 100644 --- a/2019/5xxx/CVE-2019-5258.json +++ b/2019/5xxx/CVE-2019-5258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5258", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5258", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5341.json b/2019/5xxx/CVE-2019-5341.json index 149a6c8f296..c11bad61451 100644 --- a/2019/5xxx/CVE-2019-5341.json +++ b/2019/5xxx/CVE-2019-5341.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5341", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5341", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file