diff --git a/1999/0xxx/CVE-1999-0130.json b/1999/0xxx/CVE-1999-0130.json index ba7ac15cd77..4b6827346c6 100644 --- a/1999/0xxx/CVE-1999-0130.json +++ b/1999/0xxx/CVE-1999-0130.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Local users can start Sendmail in daemon mode and gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Local users can start Sendmail in daemon mode and gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/716" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0614.json b/1999/0xxx/CVE-1999-0614.json index c20f6d51a96..25ef5f4b896 100644 --- a/1999/0xxx/CVE-1999-0614.json +++ b/1999/0xxx/CVE-1999-0614.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0614", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The FTP service is running.\"" - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-1999-0614", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The FTP service is running.\"" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0631.json b/1999/0xxx/CVE-1999-0631.json index 4ef44dce0ef..1e19aa5d77e 100644 --- a/1999/0xxx/CVE-1999-0631.json +++ b/1999/0xxx/CVE-1999-0631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0631", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The NFS service is running.\"" - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-1999-0631", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The NFS service is running.\"" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0841.json b/1999/0xxx/CVE-1999-0841.json index 5a27efb102f..5ea590eac2e 100644 --- a/1999/0xxx/CVE-1999-0841.json +++ b/1999/0xxx/CVE-1999-0841.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991129 Solaris7 dtmail/dtmailpr/mailtool Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.security-express.com/archives/bugtraq/1999-q4/0122.html" - }, - { - "name" : "832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/832" - }, - { - "name" : "http://www.securiteam.com/exploits/3J5QQPPQ0O.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/3J5QQPPQ0O.html" - }, - { - "name" : "cde-mailtool-bo(3732)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991129 Solaris7 dtmail/dtmailpr/mailtool Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.security-express.com/archives/bugtraq/1999-q4/0122.html" + }, + { + "name": "cde-mailtool-bo(3732)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3732" + }, + { + "name": "http://www.securiteam.com/exploits/3J5QQPPQ0O.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/3J5QQPPQ0O.html" + }, + { + "name": "832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/832" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1011.json b/1999/1xxx/CVE-1999-1011.json index 5568766b49c..ca8aaf0d0c7 100644 --- a/1999/1xxx/CVE-1999-1011.json +++ b/1999/1xxx/CVE-1999-1011.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS98-004", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004" - }, - { - "name" : "MS99-025", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025" - }, - { - "name" : "J-054", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/j-054.shtml" - }, - { - "name" : "529", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/529" - }, - { - "name" : "272", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS99-025", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025" + }, + { + "name": "529", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/529" + }, + { + "name": "272", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/272" + }, + { + "name": "J-054", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/j-054.shtml" + }, + { + "name": "MS98-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1060.json b/1999/1xxx/CVE-1999-1060.json index 1d07092cdd4..0a015736a20 100644 --- a/1999/1xxx/CVE-1999-1060.json +++ b/1999/1xxx/CVE-1999-1060.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990217 Tetrix 1.13.16 is Vulnerable", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91937090211855&w=2" - }, - { - "name" : "340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/340" + }, + { + "name": "19990217 Tetrix 1.13.16 is Vulnerable", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91937090211855&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1306.json b/1999/1xxx/CVE-1999-1306.json index dd07a0ad0cf..7f9507c4180 100644 --- a/1999/1xxx/CVE-1999-1306.json +++ b/1999/1xxx/CVE-1999-1306.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the \"established\" keyword is set, which could allow attackers to bypass filters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-1992-20", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1992-20.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the \"established\" keyword is set, which could allow attackers to bypass filters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-1992-20", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1992-20.html" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1361.json b/1999/1xxx/CVE-1999-1361.json index eb57ca9ebe3..a551de66a26 100644 --- a/1999/1xxx/CVE-1999-1361.json +++ b/1999/1xxx/CVE-1999-1361.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980509 coke.c", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90221101925891&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980509 coke.c", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90221101925891&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0190.json b/2000/0xxx/CVE-2000-0190.json index ade1c42bc0d..ec1783d8f8e 100644 --- a/2000/0xxx/CVE-2000-0190.json +++ b/2000/0xxx/CVE-2000-0190.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000303 Aol Instant Messenger DoS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-03/0016.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000303 Aol Instant Messenger DoS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0016.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0192.json b/2000/0xxx/CVE-2000-0192.json index afaaa6a83da..7a64d6410fa 100644 --- a/2000/0xxx/CVE-2000-0192.json +++ b/2000/0xxx/CVE-2000-0192.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000304 OpenLinux 2.3: rpm_query", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html" - }, - { - "name" : "1036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1036" + }, + { + "name": "20000304 OpenLinux 2.3: rpm_query", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0443.json b/2000/0xxx/CVE-2000-0443.json index d3d540e1ffc..923eaf8c6fc 100644 --- a/2000/0xxx/CVE-2000-0443.json +++ b/2000/0xxx/CVE-2000-0443.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html" - }, - { - "name" : "1243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1243" - }, - { - "name" : "1350", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1350", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1350" + }, + { + "name": "20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html" + }, + { + "name": "1243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1243" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0460.json b/2000/0xxx/CVE-2000-0460.json index 9e34dc94e38..53811e4282f 100644 --- a/2000/0xxx/CVE-2000-0460.json +++ b/2000/0xxx/CVE-2000-0460.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000526 KDE: /usr/bin/kdesud, gid = 0 exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html" - }, - { - "name" : "1274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1274" + }, + { + "name": "20000526 KDE: /usr/bin/kdesud, gid = 0 exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0545.json b/2000/0xxx/CVE-2000-0545.json index 758df71dd2e..9c1b9f8d0f1 100644 --- a/2000/0xxx/CVE-2000-0545.json +++ b/2000/0xxx/CVE-2000-0545.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000602 /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0435.html" - }, - { - "name" : "20000605 mailx: mail group exploit in mailx", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2000/20000605" - }, - { - "name" : "1305", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1305", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1305" + }, + { + "name": "20000602 /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0435.html" + }, + { + "name": "20000605 mailx: mail group exploit in mailx", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2000/20000605" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0607.json b/2000/0xxx/CVE-2000-0607.json index df7905fab6b..d8f902b3ad6 100644 --- a/2000/0xxx/CVE-2000-0607.json +++ b/2000/0xxx/CVE-2000-0607.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000619 Problems with \"kon2\" package", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006192340340.19998-100000@ferret.lmh.ox.ac.uk" - }, - { - "name" : "1371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1371" + }, + { + "name": "20000619 Problems with \"kon2\" package", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006192340340.19998-100000@ferret.lmh.ox.ac.uk" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0970.json b/2000/0xxx/CVE-2000-0970.json index 2c00614ddcd..a0832aba3bb 100644 --- a/2000/0xxx/CVE-2000-0970.json +++ b/2000/0xxx/CVE-2000-0970.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the \"Session ID Cookie Marking\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt", - "refsource" : "MISC", - "url" : "http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt" - }, - { - "name" : "MS00-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080" - }, - { - "name" : "session-cookie-remote-retrieval(5396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5396" - }, - { - "name" : "7265", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the \"Session ID Cookie Marking\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7265", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7265" + }, + { + "name": "session-cookie-remote-retrieval(5396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5396" + }, + { + "name": "http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt", + "refsource": "MISC", + "url": "http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt" + }, + { + "name": "MS00-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1124.json b/2000/1xxx/CVE-2000-1124.json index 91b63987350..7a9ab4ae5b1 100644 --- a/2000/1xxx/CVE-2000-1124.json +++ b/2000/1xxx/CVE-2000-1124.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001201 Fixed local AIX V43 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97569466809056&w=2" - }, - { - "name" : "IY12638", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only" - }, - { - "name" : "2037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2037" - }, - { - "name" : "aix-piobe-bo(5616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2037" + }, + { + "name": "20001201 Fixed local AIX V43 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97569466809056&w=2" + }, + { + "name": "aix-piobe-bo(5616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5616" + }, + { + "name": "IY12638", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2676.json b/2005/2xxx/CVE-2005-2676.json index f5c0e0de80a..ee21b9e604f 100644 --- a/2005/2xxx/CVE-2005-2676.json +++ b/2005/2xxx/CVE-2005-2676.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://coppermine-gallery.net/forum/index.php?topic=20933.0", - "refsource" : "CONFIRM", - "url" : "http://coppermine-gallery.net/forum/index.php?topic=20933.0" - }, - { - "name" : "14625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14625" - }, - { - "name" : "1014799", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014799" - }, - { - "name" : "16499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://coppermine-gallery.net/forum/index.php?topic=20933.0", + "refsource": "CONFIRM", + "url": "http://coppermine-gallery.net/forum/index.php?topic=20933.0" + }, + { + "name": "16499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16499" + }, + { + "name": "1014799", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014799" + }, + { + "name": "14625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14625" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1282.json b/2007/1xxx/CVE-2007-1282.json index ad862ff8cb2..c2c7173edab 100644 --- a/2007/1xxx/CVE-2007-1282.json +++ b/2007/1xxx/CVE-2007-1282.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-1282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1336", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1336" - }, - { - "name" : "FEDORA-2007-308", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2747" - }, - { - "name" : "FEDORA-2007-309", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2749" - }, - { - "name" : "GLSA-200703-18", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200703-18.xml" - }, - { - "name" : "RHSA-2007:0078", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0078.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-10.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=362735", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=362735" - }, - { - "name" : "RHSA-2007:0108", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0108.html" - }, - { - "name" : "20070202-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc" - }, - { - "name" : "SSA:2007-066-04", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947" - }, - { - "name" : "SSA:2007-066-05", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131" - }, - { - "name" : "22845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22845" - }, - { - "name" : "oval:org.mitre.oval:def:11313", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11313" - }, - { - "name" : "ADV-2007-0824", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0824" - }, - { - "name" : "33810", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33810" - }, - { - "name" : "24522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24522" - }, - { - "name" : "24406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24406" - }, - { - "name" : "24456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24456" - }, - { - "name" : "24457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24457" - }, - { - "name" : "25588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25588" - }, - { - "name" : "mozilla-email-messages-overflow(32810)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2007:0078", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html" + }, + { + "name": "FEDORA-2007-308", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2747" + }, + { + "name": "RHSA-2007:0108", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html" + }, + { + "name": "oval:org.mitre.oval:def:11313", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11313" + }, + { + "name": "24406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24406" + }, + { + "name": "24457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24457" + }, + { + "name": "33810", + "refsource": "OSVDB", + "url": "http://osvdb.org/33810" + }, + { + "name": "DSA-1336", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1336" + }, + { + "name": "FEDORA-2007-309", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2749" + }, + { + "name": "GLSA-200703-18", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200703-18.xml" + }, + { + "name": "mozilla-email-messages-overflow(32810)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32810" + }, + { + "name": "25588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25588" + }, + { + "name": "SSA:2007-066-04", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947" + }, + { + "name": "24456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24456" + }, + { + "name": "24522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24522" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=362735", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=362735" + }, + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-10.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-10.html" + }, + { + "name": "22845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22845" + }, + { + "name": "20070202-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc" + }, + { + "name": "SSA:2007-066-05", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131" + }, + { + "name": "ADV-2007-0824", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0824" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1694.json b/2007/1xxx/CVE-2007-1694.json index 473a63c61e0..e31aa2fa32b 100644 --- a/2007/1xxx/CVE-2007-1694.json +++ b/2007/1xxx/CVE-2007-1694.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1694", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1694", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1722.json b/2007/1xxx/CVE-2007-1722.json index 347f1354560..20fc30c6032 100644 --- a/2007/1xxx/CVE-2007-1722.json +++ b/2007/1xxx/CVE-2007-1722.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070327 SignKorea's ActiveX Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=117497124018827&w=2" - }, - { - "name" : "23149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23149" - }, - { - "name" : "ADV-2007-1114", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1114" - }, - { - "name" : "24587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24587" - }, - { - "name" : "skcommax-downloadcertificate-bo(33245)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "skcommax-downloadcertificate-bo(33245)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33245" + }, + { + "name": "23149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23149" + }, + { + "name": "ADV-2007-1114", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1114" + }, + { + "name": "20070327 SignKorea's ActiveX Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=117497124018827&w=2" + }, + { + "name": "24587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24587" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1898.json b/2007/1xxx/CVE-2007-1898.json index 79c19b5786f..3872b503511 100644 --- a/2007/1xxx/CVE-2007-1898.json +++ b/2007/1xxx/CVE-2007-1898.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468644/100/0/threaded" - }, - { - "name" : "http://www.netvigilance.com/advisory0026", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0026" - }, - { - "name" : "23989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23989" - }, - { - "name" : "ADV-2007-1831", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1831" - }, - { - "name" : "34088", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34088" - }, - { - "name" : "1018063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018063" - }, - { - "name" : "2710", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2710" - }, - { - "name" : "jetbox-formmail-mail-relay(34292)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jetbox-formmail-mail-relay(34292)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292" + }, + { + "name": "http://www.netvigilance.com/advisory0026", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0026" + }, + { + "name": "2710", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2710" + }, + { + "name": "ADV-2007-1831", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1831" + }, + { + "name": "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded" + }, + { + "name": "1018063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018063" + }, + { + "name": "34088", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34088" + }, + { + "name": "23989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23989" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5584.json b/2007/5xxx/CVE-2007-5584.json index 367d7f69c02..466e368ac45 100644 --- a/2007/5xxx/CVE-2007-5584.json +++ b/2007/5xxx/CVE-2007-5584.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted \"data in the control-plane path with Layer 7 Application Inspections.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2007-5584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071219 Application Inspection Vulnerability in Cisco Firewall Services Module", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a008091b11d.shtml" - }, - { - "name" : "26941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26941" - }, - { - "name" : "ADV-2007-4270", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4270" - }, - { - "name" : "39298", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/39298" - }, - { - "name" : "1019120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019120" - }, - { - "name" : "28175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28175" - }, - { - "name" : "cisco-fwsm-control-plane-dos(39135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted \"data in the control-plane path with Layer 7 Application Inspections.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071219 Application Inspection Vulnerability in Cisco Firewall Services Module", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008091b11d.shtml" + }, + { + "name": "26941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26941" + }, + { + "name": "cisco-fwsm-control-plane-dos(39135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39135" + }, + { + "name": "28175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28175" + }, + { + "name": "39298", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/39298" + }, + { + "name": "1019120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019120" + }, + { + "name": "ADV-2007-4270", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4270" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5692.json b/2007/5xxx/CVE-2007-5692.json index 47ae1966c3b..d63df673362 100644 --- a/2007/5xxx/CVE-2007-5692.json +++ b/2007/5xxx/CVE-2007-5692.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071018 Serious holes affecting SiteBar 3.3.8", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482499/100/0/threaded" - }, - { - "name" : "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup", - "refsource" : "CONFIRM", - "url" : "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup" - }, - { - "name" : "DSA-1423", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1423" - }, - { - "name" : "GLSA-200711-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml" - }, - { - "name" : "26126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26126" - }, - { - "name" : "ADV-2007-3768", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3768" - }, - { - "name" : "41355", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41355" - }, - { - "name" : "41356", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41356" - }, - { - "name" : "41357", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41357" - }, - { - "name" : "41358", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41358" - }, - { - "name" : "41359", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41359" - }, - { - "name" : "27503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27503" - }, - { - "name" : "28008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28008" - }, - { - "name" : "3318", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41356", + "refsource": "OSVDB", + "url": "http://osvdb.org/41356" + }, + { + "name": "41357", + "refsource": "OSVDB", + "url": "http://osvdb.org/41357" + }, + { + "name": "27503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27503" + }, + { + "name": "3318", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3318" + }, + { + "name": "20071018 Serious holes affecting SiteBar 3.3.8", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482499/100/0/threaded" + }, + { + "name": "41355", + "refsource": "OSVDB", + "url": "http://osvdb.org/41355" + }, + { + "name": "GLSA-200711-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml" + }, + { + "name": "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup", + "refsource": "CONFIRM", + "url": "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup" + }, + { + "name": "26126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26126" + }, + { + "name": "41358", + "refsource": "OSVDB", + "url": "http://osvdb.org/41358" + }, + { + "name": "28008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28008" + }, + { + "name": "DSA-1423", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1423" + }, + { + "name": "ADV-2007-3768", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3768" + }, + { + "name": "41359", + "refsource": "OSVDB", + "url": "http://osvdb.org/41359" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5758.json b/2007/5xxx/CVE-2007-5758.json index baffc225e94..7dfa5c42c90 100644 --- a/2007/5xxx/CVE-2007-5758.json +++ b/2007/5xxx/CVE-2007-5758.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080415 IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=689" - }, - { - "name" : "27870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27870" - }, - { - "name" : "ADV-2008-1237", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1237/references" - }, - { - "name" : "1019853", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019853" - }, - { - "name" : "29784", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29784" - }, - { - "name" : "ibm-db2-db2dasrrm-dasprof-bo(41847)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-db2-db2dasrrm-dasprof-bo(41847)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41847" + }, + { + "name": "1019853", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019853" + }, + { + "name": "29784", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29784" + }, + { + "name": "ADV-2008-1237", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1237/references" + }, + { + "name": "27870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27870" + }, + { + "name": "20080415 IBM DB2 Universal Database db2dasStartStopFMDaemon Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=689" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2387.json b/2009/2xxx/CVE-2009-2387.json index 9f5021f39b6..93c12a1ac56 100644 --- a/2009/2xxx/CVE-2009-2387.json +++ b/2009/2xxx/CVE-2009-2387.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the ldt_rewrite_syscall function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "258888", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258888-1" - }, - { - "name" : "35588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the ldt_rewrite_syscall function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35588" + }, + { + "name": "258888", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258888-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2563.json b/2009/2xxx/CVE-2009-2563.json index 88b430dd8aa..d552137cd75 100644 --- a/2009/2xxx/CVE-2009-2563.json +++ b/2009/2xxx/CVE-2009-2563.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090917 Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/17/15" - }, - { - "name" : "[oss-security] 20090917 Re: Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/18/2" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-04.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-05.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html" - }, - { - "name" : "MDVSA-2009:194", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:194" - }, - { - "name" : "MDVSA-2010:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031" - }, - { - "name" : "35748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35748" - }, - { - "name" : "oval:org.mitre.oval:def:11210", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11210" - }, - { - "name" : "oval:org.mitre.oval:def:6321", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6321" - }, - { - "name" : "35884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35884" - }, - { - "name" : "ADV-2009-1970", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:194", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:194" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-04.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-04.html" + }, + { + "name": "ADV-2009-1970", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1970" + }, + { + "name": "oval:org.mitre.oval:def:6321", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6321" + }, + { + "name": "oval:org.mitre.oval:def:11210", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11210" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-05.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-05.html" + }, + { + "name": "35748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35748" + }, + { + "name": "35884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35884" + }, + { + "name": "[oss-security] 20090917 Re: Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/18/2" + }, + { + "name": "MDVSA-2010:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031" + }, + { + "name": "[oss-security] 20090917 Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/17/15" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2945.json b/2009/2xxx/CVE-2009-2945.json index b9f442cfd59..bdb5ca7e930 100644 --- a/2009/2xxx/CVE-2009-2945.json +++ b/2009/2xxx/CVE-2009-2945.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://webauth.stanford.edu/security/2009-09-10.html", - "refsource" : "CONFIRM", - "url" : "http://webauth.stanford.edu/security/2009-09-10.html" - }, - { - "name" : "36640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://webauth.stanford.edu/security/2009-09-10.html", + "refsource": "CONFIRM", + "url": "http://webauth.stanford.edu/security/2009-09-10.html" + }, + { + "name": "36640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36640" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3512.json b/2015/3xxx/CVE-2015-3512.json index 5a6088b4f44..c0ce6f417f8 100644 --- a/2015/3xxx/CVE-2015-3512.json +++ b/2015/3xxx/CVE-2015-3512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3541.json b/2015/3xxx/CVE-2015-3541.json index 1045008a163..7a1e35e7ccb 100644 --- a/2015/3xxx/CVE-2015-3541.json +++ b/2015/3xxx/CVE-2015-3541.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3541", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3541", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3892.json b/2015/3xxx/CVE-2015-3892.json index 77f54588ae7..af6f0a568c0 100644 --- a/2015/3xxx/CVE-2015-3892.json +++ b/2015/3xxx/CVE-2015-3892.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3892", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3892", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4621.json b/2015/4xxx/CVE-2015-4621.json index 93fd06a5a2e..23bee70d4fa 100644 --- a/2015/4xxx/CVE-2015-4621.json +++ b/2015/4xxx/CVE-2015-4621.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4621", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4621", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4646.json b/2015/4xxx/CVE-2015-4646.json index 64ba9f0ca42..10b79912622 100644 --- a/2015/4xxx/CVE-2015-4646.json +++ b/2015/4xxx/CVE-2015-4646.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150618 Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q2/756" - }, - { - "name" : "GLSA-201701-73", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-73" - }, - { - "name" : "75272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75272" + }, + { + "name": "GLSA-201701-73", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-73" + }, + { + "name": "[oss-security] 20150618 Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q2/756" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4786.json b/2015/4xxx/CVE-2015-4786.json index 19d9d400a47..287d1ae67c0 100644 --- a/2015/4xxx/CVE-2015-4786.json +++ b/2015/4xxx/CVE-2015-4786.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4802.json b/2015/4xxx/CVE-2015-4802.json index 12fb2b15077..04862b6f74f 100644 --- a/2015/4xxx/CVE-2015-4802.json +++ b/2015/4xxx/CVE-2015-4802.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3385", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3385" - }, - { - "name" : "DSA-3377", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3377" - }, - { - "name" : "FEDORA-2016-e30164d0a2", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html" - }, - { - "name" : "RHSA-2016:0534", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0534.html" - }, - { - "name" : "RHSA-2016:0705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:1480", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1480.html" - }, - { - "name" : "RHSA-2016:1481", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1481.html" - }, - { - "name" : "SUSE-SU-2016:0296", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html" - }, - { - "name" : "openSUSE-SU-2016:0368", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html" - }, - { - "name" : "openSUSE-SU-2015:2244", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:2246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html" - }, - { - "name" : "USN-2781-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2781-1" - }, - { - "name" : "77165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77165" - }, - { - "name" : "1033894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2244", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html" + }, + { + "name": "RHSA-2016:1481", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1481.html" + }, + { + "name": "1033894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033894" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "RHSA-2016:0534", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0534.html" + }, + { + "name": "USN-2781-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2781-1" + }, + { + "name": "SUSE-SU-2016:0296", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "RHSA-2016:1480", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1480.html" + }, + { + "name": "openSUSE-SU-2015:2246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html" + }, + { + "name": "DSA-3385", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3385" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "77165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77165" + }, + { + "name": "openSUSE-SU-2016:0368", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html" + }, + { + "name": "DSA-3377", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3377" + }, + { + "name": "RHSA-2016:0705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html" + }, + { + "name": "FEDORA-2016-e30164d0a2", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4950.json b/2015/4xxx/CVE-2015-4950.json index 849bd87299f..fbf4caacd69 100644 --- a/2015/4xxx/CVE-2015-4950.json +++ b/2015/4xxx/CVE-2015-4950.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963629", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963629" - }, - { - "name" : "IT04251", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251" - }, - { - "name" : "IT04252", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252" - }, - { - "name" : "1033652", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IT04252", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252" + }, + { + "name": "IT04251", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963629", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963629" + }, + { + "name": "1033652", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033652" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7966.json b/2015/7xxx/CVE-2015-7966.json index d64153f3a53..8d12ccdd898 100644 --- a/2015/7xxx/CVE-2015-7966.json +++ b/2015/7xxx/CVE-2015-7966.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/" - }, - { - "name" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", - "refsource" : "MISC", - "url" : "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf" - }, - { - "name" : "https://safenet.gemalto.com/technical-support/security-updates/", - "refsource" : "CONFIRM", - "url" : "https://safenet.gemalto.com/technical-support/security-updates/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://safenet.gemalto.com/technical-support/security-updates/", + "refsource": "CONFIRM", + "url": "https://safenet.gemalto.com/technical-support/security-updates/" + }, + { + "name": "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/", + "refsource": "MISC", + "url": "https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/" + }, + { + "name": "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf", + "refsource": "MISC", + "url": "https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8048.json b/2015/8xxx/CVE-2015-8048.json index 8f1325f661d..c4adae974f3 100644 --- a/2015/8xxx/CVE-2015-8048.json +++ b/2015/8xxx/CVE-2015-8048.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39649", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39649/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "39649", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39649/" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8349.json b/2015/8xxx/CVE-2015-8349.json index 2da132dbaa9..67a0029523a 100644 --- a/2015/8xxx/CVE-2015-8349.json +++ b/2015/8xxx/CVE-2015-8349.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151202 Reflected Cross-Site Scripting (XSS) in SourceBans", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537018/100/0/threaded" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23273", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151202 Reflected Cross-Site Scripting (XSS) in SourceBans", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537018/100/0/threaded" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23273", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23273" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8602.json b/2015/8xxx/CVE-2015-8602.json index 08a7e702b38..a7d8c5537ba 100644 --- a/2015/8xxx/CVE-2015-8602.json +++ b/2015/8xxx/CVE-2015-8602.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2627638", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2627638" - }, - { - "name" : "https://www.drupal.org/node/2571905", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2571905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2627638", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2627638" + }, + { + "name": "https://www.drupal.org/node/2571905", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2571905" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9202.json b/2015/9xxx/CVE-2015-9202.json index 6cea6796a2e..674810e28f2 100644 --- a/2015/9xxx/CVE-2015-9202.json +++ b/2015/9xxx/CVE-2015-9202.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while processing the content headers in the Playready module, a buffer overread may occur if the header count exceeds the expected value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overread vulnerability in Playready" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while processing the content headers in the Playready module, a buffer overread may occur if the header count exceeds the expected value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overread vulnerability in Playready" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9226.json b/2015/9xxx/CVE-2015-9226.json index f847693cb38..959e8290f18 100644 --- a/2015/9xxx/CVE-2015-9226.json +++ b/2015/9xxx/CVE-2015-9226.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38727", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38727/" - }, - { - "name" : "20151114 AlegroCart 1.2.8: SQL Injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Nov/68" - }, - { - "name" : "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html" - }, - { - "name" : "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html", - "refsource" : "MISC", - "url" : "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134362/AlegroCart-1.2.8-SQL-Injection.html" + }, + { + "name": "38727", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38727/" + }, + { + "name": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html", + "refsource": "MISC", + "url": "https://blog.curesec.com/article/blog/AlegroCart-128-SQL-Injection-104.html" + }, + { + "name": "20151114 AlegroCart 1.2.8: SQL Injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Nov/68" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1321.json b/2016/1xxx/CVE-2016-1321.json index 1365a2023ae..7308213433a 100644 --- a/2016/1xxx/CVE-2016-1321.json +++ b/2016/1xxx/CVE-2016-1321.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160212 Cisco Universal Small Cell Devices Unauthorized Firmware Retrieval Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160212-usc" - }, - { - "name" : "1035014", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160212 Cisco Universal Small Cell Devices Unauthorized Firmware Retrieval Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160212-usc" + }, + { + "name": "1035014", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035014" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5040.json b/2016/5xxx/CVE-2016-5040.json index af2b76abb67..0ee34f0bf43 100644 --- a/2016/5xxx/CVE-2016-5040.json +++ b/2016/5xxx/CVE-2016-5040.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf & dwarfdump", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/24/1" - }, - { - "name" : "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/25/1" - }, - { - "name" : "https://www.prevanders.net/dwarfbug.html", - "refsource" : "CONFIRM", - "url" : "https://www.prevanders.net/dwarfbug.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.prevanders.net/dwarfbug.html", + "refsource": "CONFIRM", + "url": "https://www.prevanders.net/dwarfbug.html" + }, + { + "name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf & dwarfdump", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/24/1" + }, + { + "name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/25/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5139.json b/2016/5xxx/CVE-2016-5139.json index 11998baaf03..c10658b2d1e 100644 --- a/2016/5xxx/CVE-2016-5139.json +++ b/2016/5xxx/CVE-2016-5139.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180719 [SECURITY] [DLA 1433-1] openjpeg2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00025.html" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://codereview.chromium.org/2124073003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2124073003" - }, - { - "name" : "https://crbug.com/625541", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/625541" - }, - { - "name" : "DSA-3645", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3645" - }, - { - "name" : "FEDORA-2016-e9798eaaa3", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/" - }, - { - "name" : "GLSA-201610-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-09" - }, - { - "name" : "RHSA-2016:1580", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1580.html" - }, - { - "name" : "RHSA-2017:0559", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0559.html" - }, - { - "name" : "RHSA-2017:0838", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0838.html" - }, - { - "name" : "openSUSE-SU-2016:1982", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html" - }, - { - "name" : "openSUSE-SU-2016:1983", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html" - }, - { - "name" : "92276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92276" - }, - { - "name" : "1036547", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180719 [SECURITY] [DLA 1433-1] openjpeg2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00025.html" + }, + { + "name": "92276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92276" + }, + { + "name": "https://crbug.com/625541", + "refsource": "CONFIRM", + "url": "https://crbug.com/625541" + }, + { + "name": "openSUSE-SU-2016:1983", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html" + }, + { + "name": "RHSA-2016:1580", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1580.html" + }, + { + "name": "RHSA-2017:0559", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0559.html" + }, + { + "name": "RHSA-2017:0838", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0838.html" + }, + { + "name": "1036547", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036547" + }, + { + "name": "GLSA-201610-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-09" + }, + { + "name": "https://codereview.chromium.org/2124073003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2124073003" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html" + }, + { + "name": "openSUSE-SU-2016:1982", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html" + }, + { + "name": "DSA-3645", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3645" + }, + { + "name": "FEDORA-2016-e9798eaaa3", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5516.json b/2016/5xxx/CVE-2016-5516.json index b5f0e6e67e4..78c476f27f4 100644 --- a/2016/5xxx/CVE-2016-5516.json +++ b/2016/5xxx/CVE-2016-5516.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "93626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93626" - }, - { - "name" : "1037035", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "93626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93626" + }, + { + "name": "1037035", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037035" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5523.json b/2016/5xxx/CVE-2016-5523.json index da43d02cba4..eb0a95f0d9c 100644 --- a/2016/5xxx/CVE-2016-5523.json +++ b/2016/5xxx/CVE-2016-5523.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "93625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "93625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93625" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5657.json b/2016/5xxx/CVE-2016-5657.json index dd7b8cc2051..34c1a802706 100644 --- a/2016/5xxx/CVE-2016-5657.json +++ b/2016/5xxx/CVE-2016-5657.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5657", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5657", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5750.json b/2016/5xxx/CVE-2016-5750.json index f94d9d8212a..5f50b4e7b48 100644 --- a/2016/5xxx/CVE-2016-5750.json +++ b/2016/5xxx/CVE-2016-5750.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2016-5750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetIQ iManager", - "version" : { - "version_data" : [ - { - "version_value" : "NetIQ iManager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-5750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetIQ iManager", + "version": { + "version_data": [ + { + "version_value": "NetIQ iManager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7017807", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7017807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7017807", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7017807" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5788.json b/2016/5xxx/CVE-2016-5788.json index ebf4a0ba6e1..faed7300ece 100644 --- a/2016/5xxx/CVE-2016-5788.json +++ b/2016/5xxx/CVE-2016-5788.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-5788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-252-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-252-01" - }, - { - "name" : "93452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-252-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-252-01" + }, + { + "name": "93452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93452" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2432.json b/2018/2xxx/CVE-2018-2432.json index b00d88a969a..e935b768f1a 100644 --- a/2018/2xxx/CVE-2018-2432.json +++ b/2018/2xxx/CVE-2018-2432.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console)", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "4.10" - }, - { - "version_name" : "=", - "version_value" : "4.20" - }, - { - "version_name" : "=", - "version_value" : "4.30" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Header Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "4.10" + }, + { + "version_name": "=", + "version_value": "4.20" + }, + { + "version_name": "=", + "version_value": "4.30" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2523290", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2523290" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000" - }, - { - "name" : "104716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104716" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Header Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104716" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2523290", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2523290" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2650.json b/2018/2xxx/CVE-2018-2650.json index 55a3a74b271..229888c5f2f 100644 --- a/2018/2xxx/CVE-2018-2650.json +++ b/2018/2xxx/CVE-2018-2650.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Reporting and Analytics", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.1" - }, - { - "version_affected" : "=", - "version_value" : "9.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.1" + }, + { + "version_affected": "=", + "version_value": "9.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102564" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2674.json b/2018/2xxx/CVE-2018-2674.json index 4883cf40067..feab2b09d01 100644 --- a/2018/2xxx/CVE-2018-2674.json +++ b/2018/2xxx/CVE-2018-2674.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Direct Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Direct Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.2" + }, + { + "version_affected": "=", + "version_value": "12.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102686" - }, - { - "name" : "1040214", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040214", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040214" + }, + { + "name": "102686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102686" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2857.json b/2018/2xxx/CVE-2018-2857.json index e1de95136a2..1f9979a899e 100644 --- a/2018/2xxx/CVE-2018-2857.json +++ b/2018/2xxx/CVE-2018-2857.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sun ZFS Storage Appliance Kit (AK) Software", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "8.7.17" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK)." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.7.17" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103892" - }, - { - "name" : "1040702", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK)." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040702", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040702" + }, + { + "name": "103892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103892" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0075.json b/2019/0xxx/CVE-2019-0075.json index cb523b9fb85..79ccea38a6d 100644 --- a/2019/0xxx/CVE-2019-0075.json +++ b/2019/0xxx/CVE-2019-0075.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0075", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0075", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0204.json b/2019/0xxx/CVE-2019-0204.json index a68f861e5f1..2cded00720f 100644 --- a/2019/0xxx/CVE-2019-0204.json +++ b/2019/0xxx/CVE-2019-0204.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0204", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0204", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0892.json b/2019/0xxx/CVE-2019-0892.json index 82df61539e8..51a4bef96a6 100644 --- a/2019/0xxx/CVE-2019-0892.json +++ b/2019/0xxx/CVE-2019-0892.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0892", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0892", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1081.json b/2019/1xxx/CVE-2019-1081.json index e6d2d79f98f..a515e3e6382 100644 --- a/2019/1xxx/CVE-2019-1081.json +++ b/2019/1xxx/CVE-2019-1081.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1081", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1081", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1377.json b/2019/1xxx/CVE-2019-1377.json index a111753f7f5..030b22e028e 100644 --- a/2019/1xxx/CVE-2019-1377.json +++ b/2019/1xxx/CVE-2019-1377.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1377", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1377", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4073.json b/2019/4xxx/CVE-2019-4073.json index d4e442baed7..dd532adfd73 100644 --- a/2019/4xxx/CVE-2019-4073.json +++ b/2019/4xxx/CVE-2019-4073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4073", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4073", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4583.json b/2019/4xxx/CVE-2019-4583.json index 05c2533b10a..4ec20bfee91 100644 --- a/2019/4xxx/CVE-2019-4583.json +++ b/2019/4xxx/CVE-2019-4583.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4583", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4583", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4925.json b/2019/4xxx/CVE-2019-4925.json index c33c43dcf01..6249be2cf8b 100644 --- a/2019/4xxx/CVE-2019-4925.json +++ b/2019/4xxx/CVE-2019-4925.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4925", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4925", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5063.json b/2019/5xxx/CVE-2019-5063.json index eebffccc02d..b3aa34bc889 100644 --- a/2019/5xxx/CVE-2019-5063.json +++ b/2019/5xxx/CVE-2019-5063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5316.json b/2019/5xxx/CVE-2019-5316.json index 20b63c8ce27..6c4043a4f35 100644 --- a/2019/5xxx/CVE-2019-5316.json +++ b/2019/5xxx/CVE-2019-5316.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5316", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5316", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5787.json b/2019/5xxx/CVE-2019-5787.json index cd801be5cfa..9e5a0e48116 100644 --- a/2019/5xxx/CVE-2019-5787.json +++ b/2019/5xxx/CVE-2019-5787.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5787", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5787", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5922.json b/2019/5xxx/CVE-2019-5922.json index b297d17ecb6..ae6077d65c7 100644 --- a/2019/5xxx/CVE-2019-5922.json +++ b/2019/5xxx/CVE-2019-5922.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2019-5922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installer of Microsoft Teams", - "version" : { - "version_data" : [ - { - "version_value" : "" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2019-5922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of Microsoft Teams", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#79543573", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN79543573/index.html" - }, - { - "name" : "107200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107200" + }, + { + "name": "JVN#79543573", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN79543573/index.html" + } + ] + } +} \ No newline at end of file