From 713a58a805ad78aed6124f6a647d068c217b6818 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:58:09 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1252.json | 140 ++++++++++---------- 1999/1xxx/CVE-1999-1450.json | 140 ++++++++++---------- 1999/1xxx/CVE-1999-1476.json | 130 +++++++++--------- 2000/0xxx/CVE-2000-0153.json | 130 +++++++++--------- 2000/0xxx/CVE-2000-0172.json | 120 ++++++++--------- 2000/0xxx/CVE-2000-0508.json | 140 ++++++++++---------- 2000/1xxx/CVE-2000-1079.json | 160 +++++++++++----------- 2005/2xxx/CVE-2005-2453.json | 170 ++++++++++++------------ 2005/2xxx/CVE-2005-2884.json | 150 ++++++++++----------- 2005/2xxx/CVE-2005-2958.json | 250 +++++++++++++++++------------------ 2005/3xxx/CVE-2005-3025.json | 130 +++++++++--------- 2005/3xxx/CVE-2005-3063.json | 160 +++++++++++----------- 2005/3xxx/CVE-2005-3108.json | 200 ++++++++++++++-------------- 2005/3xxx/CVE-2005-3312.json | 160 +++++++++++----------- 2005/3xxx/CVE-2005-3497.json | 160 +++++++++++----------- 2005/3xxx/CVE-2005-3853.json | 150 ++++++++++----------- 2005/4xxx/CVE-2005-4215.json | 150 ++++++++++----------- 2009/2xxx/CVE-2009-2124.json | 130 +++++++++--------- 2009/2xxx/CVE-2009-2203.json | 180 ++++++++++++------------- 2009/2xxx/CVE-2009-2243.json | 130 +++++++++--------- 2009/2xxx/CVE-2009-2271.json | 130 +++++++++--------- 2009/3xxx/CVE-2009-3137.json | 34 ++--- 2009/3xxx/CVE-2009-3508.json | 130 +++++++++--------- 2009/3xxx/CVE-2009-3633.json | 180 ++++++++++++------------- 2009/3xxx/CVE-2009-3958.json | 200 ++++++++++++++-------------- 2009/4xxx/CVE-2009-4638.json | 170 ++++++++++++------------ 2015/0xxx/CVE-2015-0013.json | 34 ++--- 2015/0xxx/CVE-2015-0177.json | 140 ++++++++++---------- 2015/0xxx/CVE-2015-0263.json | 170 ++++++++++++------------ 2015/0xxx/CVE-2015-0755.json | 130 +++++++++--------- 2015/0xxx/CVE-2015-0768.json | 130 +++++++++--------- 2015/1xxx/CVE-2015-1579.json | 130 +++++++++--------- 2015/1xxx/CVE-2015-1637.json | 160 +++++++++++----------- 2015/1xxx/CVE-2015-1659.json | 140 ++++++++++---------- 2015/4xxx/CVE-2015-4056.json | 120 ++++++++--------- 2015/4xxx/CVE-2015-4165.json | 170 ++++++++++++------------ 2015/4xxx/CVE-2015-4338.json | 140 ++++++++++---------- 2015/4xxx/CVE-2015-4765.json | 130 +++++++++--------- 2015/5xxx/CVE-2015-5729.json | 170 ++++++++++++------------ 2015/9xxx/CVE-2015-9076.json | 34 ++--- 2018/2xxx/CVE-2018-2699.json | 142 ++++++++++---------- 2018/3xxx/CVE-2018-3238.json | 132 +++++++++--------- 2018/3xxx/CVE-2018-3502.json | 34 ++--- 2018/3xxx/CVE-2018-3566.json | 122 ++++++++--------- 2018/3xxx/CVE-2018-3728.json | 180 ++++++++++++------------- 2018/6xxx/CVE-2018-6213.json | 150 ++++++++++----------- 2018/6xxx/CVE-2018-6316.json | 120 ++++++++--------- 2018/6xxx/CVE-2018-6949.json | 34 ++--- 2018/6xxx/CVE-2018-6997.json | 34 ++--- 2018/7xxx/CVE-2018-7084.json | 34 ++--- 2018/7xxx/CVE-2018-7247.json | 120 ++++++++--------- 2018/7xxx/CVE-2018-7259.json | 140 ++++++++++---------- 2018/7xxx/CVE-2018-7742.json | 34 ++--- 53 files changed, 3499 insertions(+), 3499 deletions(-) diff --git a/1999/1xxx/CVE-1999-1252.json b/1999/1xxx/CVE-1999-1252.json index 7b3eae38b88..35c49ce0fb1 100644 --- a/1999/1xxx/CVE-1999-1252.json +++ b/1999/1xxx/CVE-1999-1252.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VB-96.15", - "refsource" : "CERT", - "url" : "http://www.cert.org/vendor_bulletins/VB-96.15.sco" - }, - { - "name" : "96:002", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.COM/SSE/security_bulletins/SB.96:02a" - }, - { - "name" : "sco-system-call(1966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VB-96.15", + "refsource": "CERT", + "url": "http://www.cert.org/vendor_bulletins/VB-96.15.sco" + }, + { + "name": "96:002", + "refsource": "SCO", + "url": "ftp://ftp.sco.COM/SSE/security_bulletins/SB.96:02a" + }, + { + "name": "sco-system-call(1966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1966" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1450.json b/1999/1xxx/CVE-1999-1450.json index 53418a33194..ce4057ad804 100644 --- a/1999/1xxx/CVE-1999-1450.json +++ b/1999/1xxx/CVE-1999-1450.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SB-99.03b", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.03b" - }, - { - "name" : "SB-99.06b", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.06b" - }, - { - "name" : "SSE020", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.COM/SSE/sse020.ltr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSE020", + "refsource": "SCO", + "url": "ftp://ftp.sco.COM/SSE/sse020.ltr" + }, + { + "name": "SB-99.06b", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.06b" + }, + { + "name": "SB-99.03b", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.03b" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1476.json b/1999/1xxx/CVE-1999-1476.json index 538eb3351b5..b52f1577938 100644 --- a/1999/1xxx/CVE-1999-1476.json +++ b/1999/1xxx/CVE-1999-1476.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the \"Invalid Operand with Locked CMPXCHG8B Instruction\" problem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "Q163852", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/support/kb/articles/q163/8/52.asp" - }, - { - "name" : "pentium-crash(704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the \"Invalid Operand with Locked CMPXCHG8B Instruction\" problem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q163852", + "refsource": "MSKB", + "url": "http://support.microsoft.com/support/kb/articles/q163/8/52.asp" + }, + { + "name": "pentium-crash(704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/704" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0153.json b/2000/0xxx/CVE-2000-0153.json index 036681f563d..751f8b0fe8c 100644 --- a/2000/0xxx/CVE-2000-0153.json +++ b/2000/0xxx/CVE-2000-0153.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000216 Doubledot bug in FrontPage FrontPage Personal Web Server.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000801bf780a$9ad4b2e0$0100007f@localhost" - }, - { - "name" : "989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000216 Doubledot bug in FrontPage FrontPage Personal Web Server.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000801bf780a$9ad4b2e0$0100007f@localhost" + }, + { + "name": "989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/989" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0172.json b/2000/0xxx/CVE-2000-0172.json index f0c9c46be6c..f5320fcc363 100644 --- a/2000/0xxx/CVE-2000-0172.json +++ b/2000/0xxx/CVE-2000-0172.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1038" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0508.json b/2000/0xxx/CVE-2000-0508.json index 2a3b3ac6a54..554e3dcf3fe 100644 --- a/2000/0xxx/CVE-2000-0508.json +++ b/2000/0xxx/CVE-2000-0508.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000608 Remote DOS in linux rpc.lockd", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html" - }, - { - "name" : "1372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1372" - }, - { - "name" : "linux-lockd-remote-dos(5050)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000608 Remote DOS in linux rpc.lockd", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html" + }, + { + "name": "1372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1372" + }, + { + "name": "linux-lockd-remote-dos(5050)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5050" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1079.json b/2000/1xxx/CVE-2000-1079.json index a3584880b27..993affb2ffe 100644 --- a/2000/1xxx/CVE-2000-1079.json +++ b/2000/1xxx/CVE-2000-1079.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000829 Windows NetBIOS Unsolicited Cache Corruption", - "refsource" : "NAI", - "url" : "http://www.nai.com/research/covert/advisories/045.asp" - }, - { - "name" : "20000829 Re: [COVERT-2000-10] Windows NetBIOS Unsolicited Cache Corruption", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0116.html" - }, - { - "name" : "1620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1620" - }, - { - "name" : "win-netbios-corrupt-cache(5168)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5168" - }, - { - "name" : "oval:org.mitre.oval:def:1079", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1620" + }, + { + "name": "20000829 Re: [COVERT-2000-10] Windows NetBIOS Unsolicited Cache Corruption", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0116.html" + }, + { + "name": "win-netbios-corrupt-cache(5168)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5168" + }, + { + "name": "20000829 Windows NetBIOS Unsolicited Cache Corruption", + "refsource": "NAI", + "url": "http://www.nai.com/research/covert/advisories/045.asp" + }, + { + "name": "oval:org.mitre.oval:def:1079", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1079" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2453.json b/2005/2xxx/CVE-2005-2453.json index a825e93b24f..c9430cc2715 100644 --- a/2005/2xxx/CVE-2005-2453.json +++ b/2005/2xxx/CVE-2005-2453.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2005-31/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-31/advisory/" - }, - { - "name" : "14473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14473" - }, - { - "name" : "18525", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18525" - }, - { - "name" : "1014624", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014624" - }, - { - "name" : "16301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16301" - }, - { - "name" : "networkactiv-xss(21696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16301" + }, + { + "name": "1014624", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014624" + }, + { + "name": "networkactiv-xss(21696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21696" + }, + { + "name": "14473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14473" + }, + { + "name": "http://secunia.com/secunia_research/2005-31/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-31/advisory/" + }, + { + "name": "18525", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18525" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2884.json b/2005/2xxx/CVE-2005-2884.json index 8ac40f93c92..58bf3589f16 100644 --- a/2005/2xxx/CVE-2005-2884.json +++ b/2005/2xxx/CVE-2005-2884.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050905 Land Down Under 'events.php' Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112604873103252&w=2" - }, - { - "name" : "14746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14746" - }, - { - "name" : "16710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16710/" - }, - { - "name" : "landdownunder-events-neventtext-xss(22195)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050905 Land Down Under 'events.php' Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112604873103252&w=2" + }, + { + "name": "landdownunder-events-neventtext-xss(22195)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22195" + }, + { + "name": "14746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14746" + }, + { + "name": "16710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16710/" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2958.json b/2005/2xxx/CVE-2005-2958.json index f4ac79b4876..9f019af283d 100644 --- a/2005/2xxx/CVE-2005-2958.json +++ b/2005/2xxx/CVE-2005-2958.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-2958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-871", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-871" - }, - { - "name" : "FEDORA-2005-1029", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00013.html" - }, - { - "name" : "GLSA-200511-01", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-01.xml" - }, - { - "name" : "MDKSA-2005:203", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:203" - }, - { - "name" : "SUSE-SR:2005:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_27_sr.html" - }, - { - "name" : "USN-212-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/212-1/" - }, - { - "name" : "15200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15200" - }, - { - "name" : "1015107", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015107" - }, - { - "name" : "17391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17391" - }, - { - "name" : "17426", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17426" - }, - { - "name" : "17559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17559" - }, - { - "name" : "17323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17323" - }, - { - "name" : "17339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17339" - }, - { - "name" : "17500", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-871", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-871" + }, + { + "name": "17426", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17426" + }, + { + "name": "1015107", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015107" + }, + { + "name": "17500", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17500" + }, + { + "name": "GLSA-200511-01", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-01.xml" + }, + { + "name": "MDKSA-2005:203", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:203" + }, + { + "name": "17323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17323" + }, + { + "name": "17391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17391" + }, + { + "name": "17559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17559" + }, + { + "name": "FEDORA-2005-1029", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00013.html" + }, + { + "name": "USN-212-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/212-1/" + }, + { + "name": "15200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15200" + }, + { + "name": "17339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17339" + }, + { + "name": "SUSE-SR:2005:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3025.json b/2005/3xxx/CVE-2005-3025.json index c3064b22a2e..7df44e90ef2 100644 --- a/2005/3xxx/CVE-2005-3025.json +++ b/2005/3xxx/CVE-2005-3025.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112732980702939&w=2" - }, - { - "name" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt", - "refsource" : "MISC", - "url" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112732980702939&w=2" + }, + { + "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt", + "refsource": "MISC", + "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3063.json b/2005/3xxx/CVE-2005-3063.json index fa36b66aa6f..d2def882f17 100644 --- a/2005/3xxx/CVE-2005-3063.json +++ b/2005/3xxx/CVE-2005-3063.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MailGust 1.9 allows remote attackers to execute arbitrary SQL commands via the email field on the password reminder page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050924 MailGust 1.9 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112758146618234&w=2" - }, - { - "name" : "http://rgod.altervista.org/maildisgust.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/maildisgust.html" - }, - { - "name" : "14933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14933" - }, - { - "name" : "16937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16937/" - }, - { - "name" : "21", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/21" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MailGust 1.9 allows remote attackers to execute arbitrary SQL commands via the email field on the password reminder page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14933" + }, + { + "name": "20050924 MailGust 1.9 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112758146618234&w=2" + }, + { + "name": "16937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16937/" + }, + { + "name": "21", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/21" + }, + { + "name": "http://rgod.altervista.org/maildisgust.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/maildisgust.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3108.json b/2005/3xxx/CVE-2005-3108.json index e9929fa788a..350cd25f862 100644 --- a/2005/3xxx/CVE-2005-3108.json +++ b/2005/3xxx/CVE-2005-3108.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2" - }, - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "RHSA-2005:808", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-808.html" - }, - { - "name" : "USN-199-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-199-1" - }, - { - "name" : "15049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15049" - }, - { - "name" : "oval:org.mitre.oval:def:11322", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11322" - }, - { - "name" : "17364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17364" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "17141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:808", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-808.html" + }, + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "17364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17364" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2" + }, + { + "name": "oval:org.mitre.oval:def:11322", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11322" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "15049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15049" + }, + { + "name": "17141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17141" + }, + { + "name": "USN-199-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-199-1" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3312.json b/2005/3xxx/CVE-2005-3312.json index eb7e54c07cb..7cb8da68e86 100644 --- a/2005/3xxx/CVE-2005-3312.json +++ b/2005/3xxx/CVE-2005-3312.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746", - "refsource" : "MISC", - "url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746" - }, - { - "name" : "http://www.computec.ch/download.php?view.683", - "refsource" : "MISC", - "url" : "http://www.computec.ch/download.php?view.683" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/6F00B00EBY.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/6F00B00EBY.html" - }, - { - "name" : "20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113017003617987&w=2" - }, - { - "name" : "18", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/18" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746", + "refsource": "MISC", + "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/6F00B00EBY.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/6F00B00EBY.html" + }, + { + "name": "http://www.computec.ch/download.php?view.683", + "refsource": "MISC", + "url": "http://www.computec.ch/download.php?view.683" + }, + { + "name": "18", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/18" + }, + { + "name": "20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113017003617987&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3497.json b/2005/3xxx/CVE-2005-3497.json index f2dd755570f..89bca26a86b 100644 --- a/2005/3xxx/CVE-2005-3497.json +++ b/2005/3xxx/CVE-2005-3497.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying \"this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software.\" However, followup investigation strongly suggests that the original report is correct." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zone-h.org/advisories/read/id=8360", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=8360" - }, - { - "name" : "15298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15298" - }, - { - "name" : "ADV-2005-2292", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2292" - }, - { - "name" : "20481", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20481" - }, - { - "name" : "17412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying \"this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software.\" However, followup investigation strongly suggests that the original report is correct." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20481", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20481" + }, + { + "name": "15298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15298" + }, + { + "name": "http://www.zone-h.org/advisories/read/id=8360", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=8360" + }, + { + "name": "ADV-2005-2292", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2292" + }, + { + "name": "17412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17412" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3853.json b/2005/3xxx/CVE-2005-3853.json index 0f9faa0482f..828af208cf4 100644 --- a/2005/3xxx/CVE-2005-3853.json +++ b/2005/3xxx/CVE-2005-3853.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/snews-13-sql-injection.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/snews-13-sql-injection.html" - }, - { - "name" : "ADV-2005-2585", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2585" - }, - { - "name" : "21093", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21093" - }, - { - "name" : "17688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21093", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21093" + }, + { + "name": "17688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17688" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/snews-13-sql-injection.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/snews-13-sql-injection.html" + }, + { + "name": "ADV-2005-2585", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2585" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4215.json b/2005/4xxx/CVE-2005-4215.json index 72d1f0db613..891168aef87 100644 --- a/2005/4xxx/CVE-2005-4215.json +++ b/2005/4xxx/CVE-2005-4215.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051209 Motorola SB5100E Cable Modem DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113416527000313&w=2" - }, - { - "name" : "15795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15795" - }, - { - "name" : "ADV-2005-2864", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2864" - }, - { - "name" : "17996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15795" + }, + { + "name": "17996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17996" + }, + { + "name": "20051209 Motorola SB5100E Cable Modem DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113416527000313&w=2" + }, + { + "name": "ADV-2005-2864", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2864" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2124.json b/2009/2xxx/CVE-2009-2124.json index 2d8b711feb9..b42f10667be 100644 --- a/2009/2xxx/CVE-2009-2124.json +++ b/2009/2xxx/CVE-2009-2124.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8953", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8953" - }, - { - "name" : "35486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35486" + }, + { + "name": "8953", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8953" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2203.json b/2009/2xxx/CVE-2009-2203.json index 89613f649b4..9da09a00a17 100644 --- a/2009/2xxx/CVE-2009-2203.json +++ b/2009/2xxx/CVE-2009-2203.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3859", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3859" - }, - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-09-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "36328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36328" - }, - { - "name" : "oval:org.mitre.oval:def:5672", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5672" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5672", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5672" + }, + { + "name": "http://support.apple.com/kb/HT3859", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3859" + }, + { + "name": "36328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36328" + }, + { + "name": "APPLE-SA-2009-09-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2243.json b/2009/2xxx/CVE-2009-2243.json index 00125310b33..27854e752df 100644 --- a/2009/2xxx/CVE-2009-2243.json +++ b/2009/2xxx/CVE-2009-2243.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35187" - }, - { - "name" : "aspinline-activeappointments-sql-injection(50667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspinline-activeappointments-sql-injection(50667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50667" + }, + { + "name": "35187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35187" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2271.json b/2009/2xxx/CVE-2009-2271.json index 9942d8f367b..22419200321 100644 --- a/2009/2xxx/CVE-2009-2271.json +++ b/2009/2xxx/CVE-2009-2271.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090630 Multiple Flaws in Huawei D100", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504645/100/0/threaded" - }, - { - "name" : "35638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090630 Multiple Flaws in Huawei D100", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504645/100/0/threaded" + }, + { + "name": "35638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35638" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3137.json b/2009/3xxx/CVE-2009-3137.json index 80378b1cddc..c970eb1ed8c 100644 --- a/2009/3xxx/CVE-2009-3137.json +++ b/2009/3xxx/CVE-2009-3137.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3137", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3137", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3508.json b/2009/3xxx/CVE-2009-3508.json index 11dacae26c4..d635863a80c 100644 --- a/2009/3xxx/CVE-2009-3508.json +++ b/2009/3xxx/CVE-2009-3508.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9314", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9314" - }, - { - "name" : "36079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9314", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9314" + }, + { + "name": "36079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36079" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3633.json b/2009/3xxx/CVE-2009-3633.json index 63d8b150a61..c5a50cf4cdc 100644 --- a/2009/3xxx/CVE-2009-3633.json +++ b/2009/3xxx/CVE-2009-3633.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091023 Re: CVE id request: typo3", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125632856206736&w=2" - }, - { - "name" : "[oss-security] 20091023 Re: CVE id request: typo3", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125633199111438&w=2" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/" - }, - { - "name" : "36801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36801" - }, - { - "name" : "37122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37122" - }, - { - "name" : "ADV-2009-3009", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3009" - }, - { - "name" : "typo3-t3libdivquotejsvalue-xss(53925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/" + }, + { + "name": "37122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37122" + }, + { + "name": "typo3-t3libdivquotejsvalue-xss(53925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53925" + }, + { + "name": "[oss-security] 20091023 Re: CVE id request: typo3", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125633199111438&w=2" + }, + { + "name": "[oss-security] 20091023 Re: CVE id request: typo3", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125632856206736&w=2" + }, + { + "name": "ADV-2009-3009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3009" + }, + { + "name": "36801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36801" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3958.json b/2009/3xxx/CVE-2009-3958.json index 1199742bf25..b56dd925ed3 100644 --- a/2009/3xxx/CVE-2009-3958.json +++ b/2009/3xxx/CVE-2009-3958.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html" - }, - { - "name" : "SUSE-SA:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" - }, - { - "name" : "TA10-013A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" - }, - { - "name" : "VU#773545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/773545" - }, - { - "name" : "37759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37759" - }, - { - "name" : "oval:org.mitre.oval:def:8455", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8455" - }, - { - "name" : "1023446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023446" - }, - { - "name" : "ADV-2010-0103", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0103" - }, - { - "name" : "acrobat-reader-download-manager-bo(55556)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:8455", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8455" + }, + { + "name": "37759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37759" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" + }, + { + "name": "ADV-2010-0103", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0103" + }, + { + "name": "1023446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023446" + }, + { + "name": "acrobat-reader-download-manager-bo(55556)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55556" + }, + { + "name": "VU#773545", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/773545" + }, + { + "name": "SUSE-SA:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" + }, + { + "name": "TA10-013A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4638.json b/2009/4xxx/CVE-2009-4638.json index 1e1c66b4632..a23c9e1ae51 100644 --- a/2009/4xxx/CVE-2009-4638.json +++ b/2009/4xxx/CVE-2009-4638.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" - }, - { - "name" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", - "refsource" : "MISC", - "url" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" - }, - { - "name" : "DSA-2000", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2000" - }, - { - "name" : "36465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36465" - }, - { - "name" : "36805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36805" - }, - { - "name" : "38643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36805" + }, + { + "name": "36465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36465" + }, + { + "name": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", + "refsource": "MISC", + "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" + }, + { + "name": "38643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38643" + }, + { + "name": "DSA-2000", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2000" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0013.json b/2015/0xxx/CVE-2015-0013.json index d016096036d..dbd0978c7b9 100644 --- a/2015/0xxx/CVE-2015-0013.json +++ b/2015/0xxx/CVE-2015-0013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0013", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-0013", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0177.json b/2015/0xxx/CVE-2015-0177.json index ab01ff70976..de13157e1ec 100644 --- a/2015/0xxx/CVE-2015-0177.json +++ b/2015/0xxx/CVE-2015-0177.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697213", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21697213" - }, - { - "name" : "PI35228", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228" - }, - { - "name" : "1031880", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213" + }, + { + "name": "1031880", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031880" + }, + { + "name": "PI35228", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0263.json b/2015/0xxx/CVE-2015-0263.json index be358257919..45fdcaf1a2f 100644 --- a/2015/0xxx/CVE-2015-0263.json +++ b/2015/0xxx/CVE-2015-0263.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc", - "refsource" : "CONFIRM", - "url" : "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc" - }, - { - "name" : "https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36", - "refsource" : "CONFIRM", - "url" : "https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36" - }, - { - "name" : "RHSA-2015:1041", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1041.html" - }, - { - "name" : "RHSA-2015:1538", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1538.html" - }, - { - "name" : "RHSA-2015:1539", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1539.html" - }, - { - "name" : "1032442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1539", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1539.html" + }, + { + "name": "RHSA-2015:1041", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1041.html" + }, + { + "name": "https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36", + "refsource": "CONFIRM", + "url": "https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36" + }, + { + "name": "RHSA-2015:1538", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1538.html" + }, + { + "name": "1032442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032442" + }, + { + "name": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc", + "refsource": "CONFIRM", + "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0755.json b/2015/0xxx/CVE-2015-0755.json index 72d3451c520..d5dcf400041 100644 --- a/2015/0xxx/CVE-2015-0755.json +++ b/2015/0xxx/CVE-2015-0755.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150527 Cisco Identity Services Engine Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39018" - }, - { - "name" : "1032424", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032424", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032424" + }, + { + "name": "20150527 Cisco Identity Services Engine Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39018" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0768.json b/2015/0xxx/CVE-2015-0768.json index eb7523ec484..f53bdeca90f 100644 --- a/2015/0xxx/CVE-2015-0768.json +++ b/2015/0xxx/CVE-2015-0768.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150609 Cisco Prime Network Control System Unauthorized Configuration Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39192" - }, - { - "name" : "1032541", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150609 Cisco Prime Network Control System Unauthorized Configuration Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39192" + }, + { + "name": "1032541", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032541" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1579.json b/2015/1xxx/CVE-2015-1579.json index 70d55595402..f04af7e9464 100644 --- a/2015/1xxx/CVE-2015-1579.json +++ b/2015/1xxx/CVE-2015-1579.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36039", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/36039" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/7540", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/7540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/7540", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/7540" + }, + { + "name": "36039", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/36039" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1637.json b/2015/1xxx/CVE-2015-1637.json index a5b5336b8d4..18906be8ea5 100644 --- a/2015/1xxx/CVE-2015-1637.json +++ b/2015/1xxx/CVE-2015-1637.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://freakattack.com/", - "refsource" : "MISC", - "url" : "https://freakattack.com/" - }, - { - "name" : "https://technet.microsoft.com/library/security/3046015", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/3046015" - }, - { - "name" : "MS15-031", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031" - }, - { - "name" : "72965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72965" - }, - { - "name" : "1031833", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://technet.microsoft.com/library/security/3046015", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/3046015" + }, + { + "name": "1031833", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031833" + }, + { + "name": "72965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72965" + }, + { + "name": "https://freakattack.com/", + "refsource": "MISC", + "url": "https://freakattack.com/" + }, + { + "name": "MS15-031", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1659.json b/2015/1xxx/CVE-2015-1659.json index f14ea3d8710..935d884e2bf 100644 --- a/2015/1xxx/CVE-2015-1659.json +++ b/2015/1xxx/CVE-2015-1659.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1662 and CVE-2015-1665." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-032" - }, - { - "name" : "73994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73994" - }, - { - "name" : "1032108", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1662 and CVE-2015-1665." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73994" + }, + { + "name": "1032108", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032108" + }, + { + "name": "MS15-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-032" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4056.json b/2015/4xxx/CVE-2015-4056.json index 895d825d699..8ee24b334b4 100644 --- a/2015/4xxx/CVE-2015-4056.json +++ b/2015/4xxx/CVE-2015-4056.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150617 VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Jun/91" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150617 VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Jun/91" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4165.json b/2015/4xxx/CVE-2015-4165.json index 349e2bc5734..f3c23a382d1 100644 --- a/2015/4xxx/CVE-2015-4165.json +++ b/2015/4xxx/CVE-2015-4165.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150609 Elasticsearch vulnerability CVE-2015-4165", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535727/100/0/threaded" - }, - { - "name" : "20151106 Elasticsearch vulnerability CVE-2015-4165", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536855/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1230761", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1230761" - }, - { - "name" : "https://www.elastic.co/community/security/", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security/" - }, - { - "name" : "75113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html" + }, + { + "name": "20150609 Elasticsearch vulnerability CVE-2015-4165", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535727/100/0/threaded" + }, + { + "name": "75113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75113" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1230761", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230761" + }, + { + "name": "20151106 Elasticsearch vulnerability CVE-2015-4165", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536855/100/0/threaded" + }, + { + "name": "https://www.elastic.co/community/security/", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security/" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4338.json b/2015/4xxx/CVE-2015-4338.json index d4f0378b0c9..c6a8952b5f5 100644 --- a/2015/4xxx/CVE-2015-4338.json +++ b/2015/4xxx/CVE-2015-4338.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html" - }, - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=121", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=121" - }, - { - "name" : "74943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74943" + }, + { + "name": "http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html" + }, + { + "name": "http://www.vapid.dhs.org/advisory.php?v=121", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=121" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4765.json b/2015/4xxx/CVE-2015-4765.json index cda316bb9c3..ee335e45da8 100644 --- a/2015/4xxx/CVE-2015-4765.json +++ b/2015/4xxx/CVE-2015-4765.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via vectors related to OAM Dashboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032926", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via vectors related to OAM Dashboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032926", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032926" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5729.json b/2015/5xxx/CVE-2015-5729.json index 225aa671a9e..bdf018f0ae1 100644 --- a/2015/5xxx/CVE-2015-5729.json +++ b/2015/5xxx/CVE-2015-5729.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151218 Samsung softap weak random generated password", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Dec/79" - }, - { - "name" : "http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html", - "refsource" : "MISC", - "url" : "http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html" - }, - { - "name" : "http://packetstormsecurity.com/files/134976/Samsung-SoftAP-Weak-Password.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134976/Samsung-SoftAP-Weak-Password.html" - }, - { - "name" : "79675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79675" - }, - { - "name" : "1034503", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034503" - }, - { - "name" : "1034504", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/134976/Samsung-SoftAP-Weak-Password.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134976/Samsung-SoftAP-Weak-Password.html" + }, + { + "name": "1034503", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034503" + }, + { + "name": "79675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79675" + }, + { + "name": "20151218 Samsung softap weak random generated password", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Dec/79" + }, + { + "name": "http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html", + "refsource": "MISC", + "url": "http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html" + }, + { + "name": "1034504", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034504" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9076.json b/2015/9xxx/CVE-2015-9076.json index 2bc41147000..0629b4107ab 100644 --- a/2015/9xxx/CVE-2015-9076.json +++ b/2015/9xxx/CVE-2015-9076.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9076", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9076", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2699.json b/2018/2xxx/CVE-2018-2699.json index 3f42c0def90..d46d63671c1 100644 --- a/2018/2xxx/CVE-2018-2699.json +++ b/2018/2xxx/CVE-2018-2699.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Express", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.1.4.00.08" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.4.00.08" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102563" - }, - { - "name" : "1040196", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102563" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040196", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040196" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3238.json b/2018/3xxx/CVE-2018-3238.json index 680a8d84c39..1b26d5b68ca 100644 --- a/2018/3xxx/CVE-2018-3238.json +++ b/2018/3xxx/CVE-2018-3238.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCenter Sites", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.8.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105640" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3502.json b/2018/3xxx/CVE-2018-3502.json index f7a5073b240..a595b71e7ad 100644 --- a/2018/3xxx/CVE-2018-3502.json +++ b/2018/3xxx/CVE-2018-3502.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3502", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3502", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3566.json b/2018/3xxx/CVE-2018-3566.json index e98b808870a..aef3b205529 100644 --- a/2018/3xxx/CVE-2018-3566.json +++ b/2018/3xxx/CVE-2018-3566.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-3566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in ProcSetReqInternal() due to missing length check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-3566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in ProcSetReqInternal() due to missing length check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3728.json b/2018/3xxx/CVE-2018-3728.json index 639893d56bb..56b78377aa7 100644 --- a/2018/3xxx/CVE-2018-3728.json +++ b/2018/3xxx/CVE-2018-3728.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "hoek node module", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 5.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "hapi" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Modification of Assumed-Immutable Data (MAID) (CWE-471)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "hoek node module", + "version": { + "version_data": [ + { + "version_value": "Versions before 5.0.3" + } + ] + } + } + ] + }, + "vendor_name": "hapi" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/310439", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/310439" - }, - { - "name" : "https://snyk.io/vuln/npm:hoek:20180212", - "refsource" : "MISC", - "url" : "https://snyk.io/vuln/npm:hoek:20180212" - }, - { - "name" : "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee", - "refsource" : "CONFIRM", - "url" : "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee" - }, - { - "name" : "https://nodesecurity.io/advisories/566", - "refsource" : "CONFIRM", - "url" : "https://nodesecurity.io/advisories/566" - }, - { - "name" : "RHSA-2018:1263", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1263" - }, - { - "name" : "RHSA-2018:1264", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1264" - }, - { - "name" : "103108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee", + "refsource": "CONFIRM", + "url": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee" + }, + { + "name": "https://hackerone.com/reports/310439", + "refsource": "MISC", + "url": "https://hackerone.com/reports/310439" + }, + { + "name": "103108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103108" + }, + { + "name": "RHSA-2018:1264", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1264" + }, + { + "name": "RHSA-2018:1263", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1263" + }, + { + "name": "https://snyk.io/vuln/npm:hoek:20180212", + "refsource": "MISC", + "url": "https://snyk.io/vuln/npm:hoek:20180212" + }, + { + "name": "https://nodesecurity.io/advisories/566", + "refsource": "CONFIRM", + "url": "https://nodesecurity.io/advisories/566" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6213.json b/2018/6xxx/CVE-2018-6213.json index dc3bf031ddc..13ad70a2744 100644 --- a/2018/6xxx/CVE-2018-6213.json +++ b/2018/6xxx/CVE-2018-6213.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/" - }, - { - "name" : "https://securelist.com/backdoors-in-d-links-backyard/85530/", - "refsource" : "MISC", - "url" : "https://securelist.com/backdoors-in-d-links-backyard/85530/" - }, - { - "name" : "https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html", - "refsource" : "MISC", - "url" : "https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html" - }, - { - "name" : "https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/", - "refsource" : "MISC", - "url" : "https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html", + "refsource": "MISC", + "url": "https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html" + }, + { + "name": "https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/", + "refsource": "MISC", + "url": "https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/" + }, + { + "name": "https://securelist.com/backdoors-in-d-links-backyard/85530/", + "refsource": "MISC", + "url": "https://securelist.com/backdoors-in-d-links-backyard/85530/" + }, + { + "name": "http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/", + "refsource": "MISC", + "url": "http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6316.json b/2018/6xxx/CVE-2018-6316.json index dc774d64d51..1060732d8fa 100644 --- a/2018/6xxx/CVE-2018-6316.json +++ b/2018/6xxx/CVE-2018-6316.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.ivanti.com/docs/DOC-65656", - "refsource" : "CONFIRM", - "url" : "https://community.ivanti.com/docs/DOC-65656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.ivanti.com/docs/DOC-65656", + "refsource": "CONFIRM", + "url": "https://community.ivanti.com/docs/DOC-65656" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6949.json b/2018/6xxx/CVE-2018-6949.json index 17465e3b382..3b3b8b61ce4 100644 --- a/2018/6xxx/CVE-2018-6949.json +++ b/2018/6xxx/CVE-2018-6949.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6949", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6949", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6997.json b/2018/6xxx/CVE-2018-6997.json index 7912eab7957..4441be40211 100644 --- a/2018/6xxx/CVE-2018-6997.json +++ b/2018/6xxx/CVE-2018-6997.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6997", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-6997", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7084.json b/2018/7xxx/CVE-2018-7084.json index 88997680c5c..c8bb301082f 100644 --- a/2018/7xxx/CVE-2018-7084.json +++ b/2018/7xxx/CVE-2018-7084.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7084", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7084", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7247.json b/2018/7xxx/CVE-2018-7247.json index 66ec794cd79..c140ca02978 100644 --- a/2018/7xxx/CVE-2018-7247.json +++ b/2018/7xxx/CVE-2018-7247.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f", - "refsource" : "MISC", - "url" : "https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f", + "refsource": "MISC", + "url": "https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7259.json b/2018/7xxx/CVE-2018-7259.json index 24b890d1070..ce443a0071b 100644 --- a/2018/7xxx/CVE-2018-7259.json +++ b/2018/7xxx/CVE-2018-7259.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forums.flightsimlabs.com/index.php?/topic/16210-malware-in-installer/", - "refsource" : "MISC", - "url" : "https://forums.flightsimlabs.com/index.php?/topic/16210-malware-in-installer/" - }, - { - "name" : "https://medium.com/@lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4d23368", - "refsource" : "MISC", - "url" : "https://medium.com/@lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4d23368" - }, - { - "name" : "https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/", - "refsource" : "MISC", - "url" : "https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/", + "refsource": "MISC", + "url": "https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/" + }, + { + "name": "https://forums.flightsimlabs.com/index.php?/topic/16210-malware-in-installer/", + "refsource": "MISC", + "url": "https://forums.flightsimlabs.com/index.php?/topic/16210-malware-in-installer/" + }, + { + "name": "https://medium.com/@lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4d23368", + "refsource": "MISC", + "url": "https://medium.com/@lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4d23368" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7742.json b/2018/7xxx/CVE-2018-7742.json index 7fd7a24d746..2e5817e0eda 100644 --- a/2018/7xxx/CVE-2018-7742.json +++ b/2018/7xxx/CVE-2018-7742.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7742", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7742", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file