From 77763b8424a8ad54e26e3b6c49edc65b0a443359 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:40:24 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0139.json | 120 +++---- 1999/1xxx/CVE-1999-1333.json | 150 ++++----- 2000/1xxx/CVE-2000-1176.json | 130 ++++---- 2005/2xxx/CVE-2005-2252.json | 130 ++++---- 2005/2xxx/CVE-2005-2341.json | 160 +++++----- 2005/2xxx/CVE-2005-2564.json | 130 ++++---- 2005/2xxx/CVE-2005-2882.json | 160 +++++----- 2005/2xxx/CVE-2005-2940.json | 140 ++++---- 2005/2xxx/CVE-2005-2997.json | 130 ++++---- 2005/3xxx/CVE-2005-3494.json | 150 ++++----- 2005/3xxx/CVE-2005-3509.json | 150 ++++----- 2007/5xxx/CVE-2007-5324.json | 34 +- 2007/5xxx/CVE-2007-5336.json | 34 +- 2007/5xxx/CVE-2007-5338.json | 600 +++++++++++++++++------------------ 2009/2xxx/CVE-2009-2544.json | 120 +++---- 2009/2xxx/CVE-2009-2610.json | 170 +++++----- 2015/0xxx/CVE-2015-0009.json | 150 ++++----- 2015/0xxx/CVE-2015-0331.json | 140 ++++---- 2015/3xxx/CVE-2015-3153.json | 250 +++++++-------- 2015/4xxx/CVE-2015-4148.json | 250 +++++++-------- 2015/4xxx/CVE-2015-4887.json | 130 ++++---- 2015/4xxx/CVE-2015-4971.json | 120 +++---- 2015/8xxx/CVE-2015-8230.json | 120 +++---- 2015/8xxx/CVE-2015-8538.json | 130 ++++---- 2015/8xxx/CVE-2015-8583.json | 34 +- 2015/8xxx/CVE-2015-8598.json | 34 +- 2015/8xxx/CVE-2015-8606.json | 160 +++++----- 2015/9xxx/CVE-2015-9059.json | 120 +++---- 2016/5xxx/CVE-2016-5652.json | 160 +++++----- 2016/5xxx/CVE-2016-5673.json | 140 ++++---- 2016/5xxx/CVE-2016-5758.json | 130 ++++---- 2018/2xxx/CVE-2018-2455.json | 188 +++++------ 2018/2xxx/CVE-2018-2669.json | 140 ++++---- 2018/2xxx/CVE-2018-2671.json | 142 ++++----- 2018/2xxx/CVE-2018-2685.json | 140 ++++---- 2018/6xxx/CVE-2018-6160.json | 152 ++++----- 2018/6xxx/CVE-2018-6171.json | 34 +- 2018/6xxx/CVE-2018-6598.json | 120 +++---- 2018/6xxx/CVE-2018-6958.json | 142 ++++----- 2018/7xxx/CVE-2018-7914.json | 34 +- 2019/0xxx/CVE-2019-0060.json | 34 +- 2019/0xxx/CVE-2019-0682.json | 34 +- 2019/1xxx/CVE-2019-1283.json | 34 +- 2019/1xxx/CVE-2019-1540.json | 34 +- 2019/1xxx/CVE-2019-1730.json | 34 +- 2019/1xxx/CVE-2019-1732.json | 34 +- 2019/5xxx/CVE-2019-5056.json | 34 +- 2019/5xxx/CVE-2019-5199.json | 34 +- 2019/5xxx/CVE-2019-5890.json | 34 +- 49 files changed, 2987 insertions(+), 2987 deletions(-) diff --git a/1999/0xxx/CVE-1999-0139.json b/1999/0xxx/CVE-1999-0139.json index 73b39d6dbd3..18f63fe3ae6 100644 --- a/1999/0xxx/CVE-1999-0139.json +++ b/1999/0xxx/CVE-1999-0139.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8205", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8205", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8205" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1333.json b/1999/1xxx/CVE-1999-1333.json index a1bc2f8b59a..39caa396242 100644 --- a/1999/1xxx/CVE-1999-1333.json +++ b/1999/1xxx/CVE-1999-1333.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980319 ncftp 2.4.2 MkDirs bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=89042322924057&w=2" - }, - { - "name" : "http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp", - "refsource" : "CONFIRM", - "url" : "http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp" - }, - { - "name" : "ncftp-autodownload-command-execution(7240)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7240.php" - }, - { - "name" : "6111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ncftp-autodownload-command-execution(7240)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7240.php" + }, + { + "name": "http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp", + "refsource": "CONFIRM", + "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp" + }, + { + "name": "6111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6111" + }, + { + "name": "19980319 ncftp 2.4.2 MkDirs bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=89042322924057&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1176.json b/2000/1xxx/CVE-2000-1176.json index de9a191d9a6..567fe46f848 100644 --- a/2000/1xxx/CVE-2000-1176.json +++ b/2000/1xxx/CVE-2000-1176.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the \"catsearch\" form field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001107 Insecure input balidation in YaBB Search.pl", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html" - }, - { - "name" : "1921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the \"catsearch\" form field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001107 Insecure input balidation in YaBB Search.pl", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html" + }, + { + "name": "1921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1921" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2252.json b/2005/2xxx/CVE-2005-2252.json index ff101a2dbce..533e3b08fdc 100644 --- a/2005/2xxx/CVE-2005-2252.json +++ b/2005/2xxx/CVE-2005-2252.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1014423", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014423" - }, - { - "name" : "15967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014423", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014423" + }, + { + "name": "15967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15967" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2341.json b/2005/2xxx/CVE-2005-2341.json index 8899cf3fec8..7278d32b7aa 100644 --- a/2005/2xxx/CVE-2005-2341.json +++ b/2005/2xxx/CVE-2005-2341.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via an e-mail attachment with a crafted TIFF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2005-2341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#570768", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/570768" - }, - { - "name" : "16098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16098" - }, - { - "name" : "ADV-2006-0011", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0011" - }, - { - "name" : "1015426", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015426" - }, - { - "name" : "18277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via an e-mail attachment with a crafted TIFF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16098" + }, + { + "name": "VU#570768", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/570768" + }, + { + "name": "18277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18277" + }, + { + "name": "ADV-2006-0011", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0011" + }, + { + "name": "1015426", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015426" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2564.json b/2005/2xxx/CVE-2005-2564.json index d1910fc2071..dadb1e468bd 100644 --- a/2005/2xxx/CVE-2005-2564.json +++ b/2005/2xxx/CVE-2005-2564.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050807 Gravity Board X v1.1 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112351740803443&w=2" - }, - { - "name" : "gravityboardx-template-xss(21742)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050807 Gravity Board X v1.1 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112351740803443&w=2" + }, + { + "name": "gravityboardx-template-xss(21742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21742" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2882.json b/2005/2xxx/CVE-2005-2882.json index 82731684c50..14db619b680 100644 --- a/2005/2xxx/CVE-2005-2882.json +++ b/2005/2xxx/CVE-2005-2882.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050905 phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112605610624004&w=2" - }, - { - "name" : "http://rgod.altervista.org/phpccal.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpccal.html" - }, - { - "name" : "14767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14767" - }, - { - "name" : "16721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16721/" - }, - { - "name" : "phpcommunitycalendar-multiple-xss(22176)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050905 phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112605610624004&w=2" + }, + { + "name": "14767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14767" + }, + { + "name": "phpcommunitycalendar-multiple-xss(22176)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22176" + }, + { + "name": "16721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16721/" + }, + { + "name": "http://rgod.altervista.org/phpccal.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpccal.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2940.json b/2005/2xxx/CVE-2005-2940.json index 571255df21b..bb6c1e8117c 100644 --- a/2005/2xxx/CVE-2005-2940.json +++ b/2005/2xxx/CVE-2005-2940.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities" - }, - { - "name" : "15448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15448" - }, - { - "name" : "1015226", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15448" + }, + { + "name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities" + }, + { + "name": "1015226", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015226" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2997.json b/2005/2xxx/CVE-2005-2997.json index fd7c2eb0313..cab28298b5c 100644 --- a/2005/2xxx/CVE-2005-2997.json +++ b/2005/2xxx/CVE-2005-2997.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via \"..\" sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rgod.altervista.org/phpatm130.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpatm130.html" - }, - { - "name" : "16867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via \"..\" sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rgod.altervista.org/phpatm130.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpatm130.html" + }, + { + "name": "16867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16867" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3494.json b/2005/3xxx/CVE-2005-3494.json index 8d243270dac..4cf8259a3ac 100644 --- a/2005/3xxx/CVE-2005-3494.json +++ b/2005/3xxx/CVE-2005-3494.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051024 Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038133.html" - }, - { - "name" : "15201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15201" - }, - { - "name" : "1015100", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015100" - }, - { - "name" : "17307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17307" + }, + { + "name": "1015100", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015100" + }, + { + "name": "20051024 Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038133.html" + }, + { + "name": "15201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15201" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3509.json b/2005/3xxx/CVE-2005-3509.json index dfe5559f7dc..f02dac40b53 100644 --- a/2005/3xxx/CVE-2005-3509.json +++ b/2005/3xxx/CVE-2005-3509.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security.nnov.ru/Kdocument105.html", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/Kdocument105.html" - }, - { - "name" : "http://foro.elhacker.net/index.php?topic=93436.0", - "refsource" : "MISC", - "url" : "http://foro.elhacker.net/index.php?topic=93436.0" - }, - { - "name" : "15324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15324" - }, - { - "name" : "ADV-2005-2310", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://foro.elhacker.net/index.php?topic=93436.0", + "refsource": "MISC", + "url": "http://foro.elhacker.net/index.php?topic=93436.0" + }, + { + "name": "15324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15324" + }, + { + "name": "ADV-2005-2310", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2310" + }, + { + "name": "http://www.security.nnov.ru/Kdocument105.html", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/Kdocument105.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5324.json b/2007/5xxx/CVE-2007-5324.json index 9df6a153c9a..282a9c198de 100644 --- a/2007/5xxx/CVE-2007-5324.json +++ b/2007/5xxx/CVE-2007-5324.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5324", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2582. Reason: This candidate is a duplicate of CVE-2007-2582. Notes: All CVE users should reference CVE-2007-2582 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-5324", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2582. Reason: This candidate is a duplicate of CVE-2007-2582. Notes: All CVE users should reference CVE-2007-2582 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5336.json b/2007/5xxx/CVE-2007-5336.json index 06c27052c09..4f7e703fd95 100644 --- a/2007/5xxx/CVE-2007-5336.json +++ b/2007/5xxx/CVE-2007-5336.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5336", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5339. Reason: This candidate is a reservation duplicate of CVE-2007-5339. Notes: All CVE users should reference CVE-2007-5339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-5336", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5339. Reason: This candidate is a reservation duplicate of CVE-2007-5339. Notes: All CVE users should reference CVE-2007-5339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5338.json b/2007/5xxx/CVE-2007-5338.json index b0bd2e58d78..9f59931b535 100644 --- a/2007/5xxx/CVE-2007-5338.json +++ b/2007/5xxx/CVE-2007-5338.json @@ -1,302 +1,302 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-5338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071029 FLEA-2007-0062-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482925/100/0/threaded" - }, - { - "name" : "20071026 rPSA-2007-0225-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482876/100/200/threaded" - }, - { - "name" : "20071029 rPSA-2007-0225-2 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482932/100/200/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-35.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-35.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1858", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1858" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" - }, - { - "name" : "DSA-1396", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1396" - }, - { - "name" : "DSA-1401", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1401" - }, - { - "name" : "DSA-1392", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1392" - }, - { - "name" : "FEDORA-2007-2601", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html" - }, - { - "name" : "FEDORA-2007-2664", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" - }, - { - "name" : "FEDORA-2007-3431", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html" - }, - { - "name" : "GLSA-200711-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "MDKSA-2007:202", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" - }, - { - "name" : "RHSA-2007:0979", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0979.html" - }, - { - "name" : "RHSA-2007:0980", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0980.html" - }, - { - "name" : "RHSA-2007:0981", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0981.html" - }, - { - "name" : "201516", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" - }, - { - "name" : "SUSE-SA:2007:057", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" - }, - { - "name" : "USN-535-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/535-1/" - }, - { - "name" : "USN-536-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-536-1" - }, - { - "name" : "26132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26132" - }, - { - "name" : "oval:org.mitre.oval:def:10965", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10965" - }, - { - "name" : "ADV-2007-3544", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3544" - }, - { - "name" : "ADV-2007-3587", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3587" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1018836", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018836" - }, - { - "name" : "27276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27276" - }, - { - "name" : "27325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27325" - }, - { - "name" : "27327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27327" - }, - { - "name" : "27335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27335" - }, - { - "name" : "27356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27356" - }, - { - "name" : "27383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27383" - }, - { - "name" : "27425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27425" - }, - { - "name" : "27403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27403" - }, - { - "name" : "27480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27480" - }, - { - "name" : "27387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27387" - }, - { - "name" : "27298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27298" - }, - { - "name" : "27311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27311" - }, - { - "name" : "27315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27315" - }, - { - "name" : "27336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27336" - }, - { - "name" : "27665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27665" - }, - { - "name" : "27414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27414" - }, - { - "name" : "27680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27680" - }, - { - "name" : "27360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27360" - }, - { - "name" : "28398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28398" - }, - { - "name" : "mozilla-xpcnativewrapper-code-execution(37288)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2007-2601", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html" + }, + { + "name": "20071026 rPSA-2007-0225-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded" + }, + { + "name": "ADV-2007-3587", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3587" + }, + { + "name": "27414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27414" + }, + { + "name": "20071029 FLEA-2007-0062-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1858", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1858" + }, + { + "name": "GLSA-200711-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml" + }, + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-35.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-35.html" + }, + { + "name": "27360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27360" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "27298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27298" + }, + { + "name": "27315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27315" + }, + { + "name": "27327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27327" + }, + { + "name": "ADV-2007-3544", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3544" + }, + { + "name": "27276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27276" + }, + { + "name": "USN-535-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/535-1/" + }, + { + "name": "DSA-1401", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1401" + }, + { + "name": "DSA-1392", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1392" + }, + { + "name": "RHSA-2007:0980", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html" + }, + { + "name": "27383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27383" + }, + { + "name": "SUSE-SA:2007:057", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" + }, + { + "name": "27356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27356" + }, + { + "name": "RHSA-2007:0981", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "27387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27387" + }, + { + "name": "FEDORA-2007-3431", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html" + }, + { + "name": "27403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27403" + }, + { + "name": "27336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27336" + }, + { + "name": "DSA-1396", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1396" + }, + { + "name": "1018836", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018836" + }, + { + "name": "27425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27425" + }, + { + "name": "28398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28398" + }, + { + "name": "mozilla-xpcnativewrapper-code-execution(37288)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37288" + }, + { + "name": "27311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27311" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "27325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27325" + }, + { + "name": "MDKSA-2007:202", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" + }, + { + "name": "27665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27665" + }, + { + "name": "RHSA-2007:0979", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html" + }, + { + "name": "27335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27335" + }, + { + "name": "FEDORA-2007-2664", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" + }, + { + "name": "27480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27480" + }, + { + "name": "27680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27680" + }, + { + "name": "26132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26132" + }, + { + "name": "oval:org.mitre.oval:def:10965", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10965" + }, + { + "name": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" + }, + { + "name": "201516", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" + }, + { + "name": "20071029 rPSA-2007-0225-2 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded" + }, + { + "name": "USN-536-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-536-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2544.json b/2009/2xxx/CVE-2009-2544.json index 71e93b059f4..6e20e30bfb4 100644 --- a/2009/2xxx/CVE-2009-2544.json +++ b/2009/2xxx/CVE-2009-2544.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9093", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9093", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9093" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2610.json b/2009/2xxx/CVE-2009-2610.json index 415f3d8d7bb..fb86890dbc9 100644 --- a/2009/2xxx/CVE-2009-2610.json +++ b/2009/2xxx/CVE-2009-2610.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/501356", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/501356" - }, - { - "name" : "http://drupal.org/node/501360", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/501360" - }, - { - "name" : "http://drupal.org/node/502112", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/502112" - }, - { - "name" : "35491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35491" - }, - { - "name" : "55326", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55326" - }, - { - "name" : "35557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35557" + }, + { + "name": "http://drupal.org/node/501360", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/501360" + }, + { + "name": "http://drupal.org/node/502112", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/502112" + }, + { + "name": "55326", + "refsource": "OSVDB", + "url": "http://osvdb.org/55326" + }, + { + "name": "35491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35491" + }, + { + "name": "http://drupal.org/node/501356", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/501356" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0009.json b/2015/0xxx/CVE-2015-0009.json index 86ffa5f6bd2..8d6f2e635fd 100644 --- a/2015/0xxx/CVE-2015-0009.json +++ b/2015/0xxx/CVE-2015-0009.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka \"Group Policy Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx" - }, - { - "name" : "MS15-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-014" - }, - { - "name" : "72476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72476" - }, - { - "name" : "1031722", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka \"Group Policy Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-014" + }, + { + "name": "72476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72476" + }, + { + "name": "1031722", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031722" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0331.json b/2015/0xxx/CVE-2015-0331.json index 764b4052ddb..90ead785da9 100644 --- a/2015/0xxx/CVE-2015-0331.json +++ b/2015/0xxx/CVE-2015-0331.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" - }, - { - "name" : "openSUSE-SU-2015:0725", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" - }, - { - "name" : "72698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72698" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" + }, + { + "name": "openSUSE-SU-2015:0725", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3153.json b/2015/3xxx/CVE-2015-3153.json index 95ddb61e3eb..5b7446de2bd 100644 --- a/2015/3xxx/CVE-2015-3153.json +++ b/2015/3xxx/CVE-2015-3153.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://curl.haxx.se/docs/adv_20150429.html", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/docs/adv_20150429.html" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10131", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10131" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "DSA-3240", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3240" - }, - { - "name" : "openSUSE-SU-2015:0861", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html" - }, - { - "name" : "USN-2591-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2591-1" - }, - { - "name" : "74408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74408" - }, - { - "name" : "1032233", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10131", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10131" + }, + { + "name": "1032233", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032233" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "USN-2591-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2591-1" + }, + { + "name": "openSUSE-SU-2015:0861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "74408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74408" + }, + { + "name": "http://curl.haxx.se/docs/adv_20150429.html", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/docs/adv_20150429.html" + }, + { + "name": "DSA-3240", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3240" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4148.json b/2015/4xxx/CVE-2015-4148.json index 186ad14aa78..215906121d9 100644 --- a/2015/4xxx/CVE-2015-4148.json +++ b/2015/4xxx/CVE-2015-4148.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a \"type confusion\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150601 Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize()", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/06/01/4" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=69085", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=69085" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "GLSA-201606-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-10" - }, - { - "name" : "RHSA-2015:1135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1135.html" - }, - { - "name" : "RHSA-2015:1053", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1053.html" - }, - { - "name" : "RHSA-2015:1066", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1066.html" - }, - { - "name" : "RHSA-2015:1218", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1218.html" - }, - { - "name" : "openSUSE-SU-2015:1057", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00028.html" - }, - { - "name" : "75103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75103" - }, - { - "name" : "1032459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a \"type confusion\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "1032459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032459" + }, + { + "name": "[oss-security] 20150601 Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize()", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/06/01/4" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "https://bugs.php.net/bug.php?id=69085", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=69085" + }, + { + "name": "RHSA-2015:1135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "RHSA-2015:1053", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1053.html" + }, + { + "name": "openSUSE-SU-2015:1057", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00028.html" + }, + { + "name": "GLSA-201606-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-10" + }, + { + "name": "75103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75103" + }, + { + "name": "RHSA-2015:1066", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html" + }, + { + "name": "RHSA-2015:1218", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4887.json b/2015/4xxx/CVE-2015-4887.json index ecf815fd231..92002efe350 100644 --- a/2015/4xxx/CVE-2015-4887.json +++ b/2015/4xxx/CVE-2015-4887.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ePerformance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033903", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ePerformance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1033903", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033903" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4971.json b/2015/4xxx/CVE-2015-4971.json index 55915ac8599..8862f242ac2 100644 --- a/2015/4xxx/CVE-2015-4971.json +++ b/2015/4xxx/CVE-2015-4971.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21966754", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21966754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8230.json b/2015/8xxx/CVE-2015-8230.json index e412ba76e03..cede086aa36 100644 --- a/2015/8xxx/CVE-2015-8230.json +++ b/2015/8xxx/CVE-2015-8230.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461217.htm", - "refsource" : "CONFIRM", - "url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461217.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461217.htm", + "refsource": "CONFIRM", + "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461217.htm" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8538.json b/2015/8xxx/CVE-2015-8538.json index feb5c8485f9..4ed1888efbc 100644 --- a/2015/8xxx/CVE-2015-8538.json +++ b/2015/8xxx/CVE-2015-8538.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151210 Re: CVE request - a out of bound read bug is found in libdwarf", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/10/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1291299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291299" + }, + { + "name": "[oss-security] 20151210 Re: CVE request - a out of bound read bug is found in libdwarf", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/10/3" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8583.json b/2015/8xxx/CVE-2015-8583.json index b74ae851e19..6c261b98655 100644 --- a/2015/8xxx/CVE-2015-8583.json +++ b/2015/8xxx/CVE-2015-8583.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8583", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8583", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8598.json b/2015/8xxx/CVE-2015-8598.json index e2b4ed10e4d..d63475cf2ec 100644 --- a/2015/8xxx/CVE-2015-8598.json +++ b/2015/8xxx/CVE-2015-8598.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8598", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8598", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8606.json b/2015/8xxx/CVE-2015-8606.json index 8955f475715..36a9b5fcb07 100644 --- a/2015/8xxx/CVE-2015-8606.json +++ b/2015/8xxx/CVE-2015-8606.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151213 SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Dec/55" - }, - { - "name" : "[oss-security] 20151217 Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/17/1" - }, - { - "name" : "[oss-security] 20151217 Re: Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/17/11" - }, - { - "name" : "[oss-security] 20151218 [FD] [CVE-2015-8606] SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/18/5" - }, - { - "name" : "http://www.silverstripe.org/download/security-releases/ss-2015-026", - "refsource" : "CONFIRM", - "url" : "http://www.silverstripe.org/download/security-releases/ss-2015-026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20151217 Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/17/1" + }, + { + "name": "[oss-security] 20151217 Re: Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/17/11" + }, + { + "name": "[oss-security] 20151218 [FD] [CVE-2015-8606] SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/18/5" + }, + { + "name": "http://www.silverstripe.org/download/security-releases/ss-2015-026", + "refsource": "CONFIRM", + "url": "http://www.silverstripe.org/download/security-releases/ss-2015-026" + }, + { + "name": "20151213 SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Dec/55" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9059.json b/2015/9xxx/CVE-2015-9059.json index b53bb9ec0c5..1e0d3fa322d 100644 --- a/2015/9xxx/CVE-2015-9059.json +++ b/2015/9xxx/CVE-2015-9059.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1", - "refsource" : "CONFIRM", - "url" : "https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1", + "refsource": "CONFIRM", + "url": "https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5652.json b/2016/5xxx/CVE-2016-5652.json index 2aa8a64dea2..61f6b0bf36e 100644 --- a/2016/5xxx/CVE-2016-5652.json +++ b/2016/5xxx/CVE-2016-5652.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-5652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibTiff", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "LibTiff" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibTiff", + "version": { + "version_data": [ + { + "version_value": "4.0.6" + } + ] + } + } + ] + }, + "vendor_name": "LibTiff" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0187/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0187/" - }, - { - "name" : "DSA-3762", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3762" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "RHSA-2017:0225", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0225.html" - }, - { - "name" : "93902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "RHSA-2017:0225", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html" + }, + { + "name": "DSA-3762", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3762" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0187/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0187/" + }, + { + "name": "93902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93902" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5673.json b/2016/5xxx/CVE-2016-5673.json index 9489f3baf28..ad3db504375 100644 --- a/2016/5xxx/CVE-2016-5673.json +++ b/2016/5xxx/CVE-2016-5673.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-5673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/BLUU-A9WQVP", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/BLUU-A9WQVP" - }, - { - "name" : "VU#735416", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/735416" - }, - { - "name" : "92348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/BLUU-A9WQVP", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/BLUU-A9WQVP" + }, + { + "name": "VU#735416", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/735416" + }, + { + "name": "92348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92348" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5758.json b/2016/5xxx/CVE-2016-5758.json index 46e14122ef2..12a86463747 100644 --- a/2016/5xxx/CVE-2016-5758.json +++ b/2016/5xxx/CVE-2016-5758.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2016-5758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetIQ Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "NetIQ Access Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "cross site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-5758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetIQ Access Manager", + "version": { + "version_data": [ + { + "version_value": "NetIQ Access Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7017817", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7017817" - }, - { - "name" : "97035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7017817", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7017817" + }, + { + "name": "97035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97035" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2455.json b/2018/2xxx/CVE-2018-2455.json index a6b142a62fe..d6d7f9f239a 100644 --- a/2018/2xxx/CVE-2018-2455.json +++ b/2018/2xxx/CVE-2018-2455.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Enterprise Financial Services", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "6.05" - }, - { - "version_name" : "=", - "version_value" : "6.06" - }, - { - "version_name" : "=", - "version_value" : "6.16" - }, - { - "version_name" : "=", - "version_value" : "6.17" - }, - { - "version_name" : "=", - "version_value" : "6.18" - }, - { - "version_name" : "=", - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Enterprise Financial Services", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "6.05" + }, + { + "version_name": "=", + "version_value": "6.06" + }, + { + "version_name": "=", + "version_value": "6.16" + }, + { + "version_name": "=", + "version_value": "6.17" + }, + { + "version_name": "=", + "version_value": "6.18" + }, + { + "version_name": "=", + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2646067", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2646067" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" - }, - { - "name" : "105320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105320" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" + }, + { + "name": "105320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105320" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2646067", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2646067" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2669.json b/2018/2xxx/CVE-2018-2669.json index 9c671a4e55a..1618289724c 100644 --- a/2018/2xxx/CVE-2018-2669.json +++ b/2018/2xxx/CVE-2018-2669.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Reporting and Analytics", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.1" - }, - { - "version_affected" : "=", - "version_value" : "9.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.1" + }, + { + "version_affected": "=", + "version_value": "9.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102570" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2671.json b/2018/2xxx/CVE-2018-2671.json index b726d7c8227..b926b37a165 100644 --- a/2018/2xxx/CVE-2018-2671.json +++ b/2018/2xxx/CVE-2018-2671.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise SCM Purchasing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Purchasing accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise SCM Purchasing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102602" - }, - { - "name" : "1040204", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Purchasing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102602" + }, + { + "name": "1040204", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040204" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2685.json b/2018/2xxx/CVE-2018-2685.json index 4365c98fe05..4165c9d3c15 100644 --- a/2018/2xxx/CVE-2018-2685.json +++ b/2018/2xxx/CVE-2018-2685.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102689" - }, - { - "name" : "1040202", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040202", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040202" + }, + { + "name": "102689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102689" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6160.json b/2018/6xxx/CVE-2018-6160.json index b545aa107a9..9509dd22b7f 100644 --- a/2018/6xxx/CVE-2018-6160.json +++ b/2018/6xxx/CVE-2018-6160.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "68.0.3440.75" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "68.0.3440.75" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/839822", - "refsource" : "MISC", - "url" : "https://crbug.com/839822" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "GLSA-201808-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-01" - }, - { - "name" : "104887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201808-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-01" + }, + { + "name": "104887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104887" + }, + { + "name": "https://crbug.com/839822", + "refsource": "MISC", + "url": "https://crbug.com/839822" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6171.json b/2018/6xxx/CVE-2018-6171.json index f4074c0b8a9..0fd549d3857 100644 --- a/2018/6xxx/CVE-2018-6171.json +++ b/2018/6xxx/CVE-2018-6171.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6171", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6171", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6598.json b/2018/6xxx/CVE-2018-6598.json index 90edb4251b0..ce05bb9ebd7 100644 --- a/2018/6xxx/CVE-2018-6598.json +++ b/2018/6xxx/CVE-2018-6598.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6958.json b/2018/6xxx/CVE-2018-6958.json index a1dabf38e26..faeb72bc7c8 100644 --- a/2018/6xxx/CVE-2018-6958.json +++ b/2018/6xxx/CVE-2018-6958.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-04-12T00:00:00", - "ID" : "CVE-2018-6958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "vRealize Automation", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 7.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DOM-based cross-site scripting (XSS) vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-04-12T00:00:00", + "ID": "CVE-2018-6958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vRealize Automation", + "version": { + "version_data": [ + { + "version_value": "prior to 7.3.1" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2018-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2018-0009.html" - }, - { - "name" : "103752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103752" - }, - { - "name" : "1040676", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DOM-based cross-site scripting (XSS) vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103752" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2018-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2018-0009.html" + }, + { + "name": "1040676", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040676" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7914.json b/2018/7xxx/CVE-2018-7914.json index 7cbc18363ef..a611689daa6 100644 --- a/2018/7xxx/CVE-2018-7914.json +++ b/2018/7xxx/CVE-2018-7914.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7914", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7914", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0060.json b/2019/0xxx/CVE-2019-0060.json index 327f0ed9d84..4d2ca6dee8a 100644 --- a/2019/0xxx/CVE-2019-0060.json +++ b/2019/0xxx/CVE-2019-0060.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0060", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0060", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0682.json b/2019/0xxx/CVE-2019-0682.json index ac88437fd3c..95079fccff6 100644 --- a/2019/0xxx/CVE-2019-0682.json +++ b/2019/0xxx/CVE-2019-0682.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0682", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0682", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1283.json b/2019/1xxx/CVE-2019-1283.json index bb37727e4b5..e05f3cbeb1e 100644 --- a/2019/1xxx/CVE-2019-1283.json +++ b/2019/1xxx/CVE-2019-1283.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1283", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1283", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1540.json b/2019/1xxx/CVE-2019-1540.json index f64b3df57c0..aaa120d12e7 100644 --- a/2019/1xxx/CVE-2019-1540.json +++ b/2019/1xxx/CVE-2019-1540.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1540", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1540", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1730.json b/2019/1xxx/CVE-2019-1730.json index 113672e1c61..d33aa8f3a48 100644 --- a/2019/1xxx/CVE-2019-1730.json +++ b/2019/1xxx/CVE-2019-1730.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1732.json b/2019/1xxx/CVE-2019-1732.json index 8711a815da9..098440a7f1c 100644 --- a/2019/1xxx/CVE-2019-1732.json +++ b/2019/1xxx/CVE-2019-1732.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1732", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1732", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5056.json b/2019/5xxx/CVE-2019-5056.json index ea607534e0c..62121ba8534 100644 --- a/2019/5xxx/CVE-2019-5056.json +++ b/2019/5xxx/CVE-2019-5056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5199.json b/2019/5xxx/CVE-2019-5199.json index b2d51d263cd..fd890c68cad 100644 --- a/2019/5xxx/CVE-2019-5199.json +++ b/2019/5xxx/CVE-2019-5199.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5199", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5199", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5890.json b/2019/5xxx/CVE-2019-5890.json index 9af9b8630f8..7b4201f34c9 100644 --- a/2019/5xxx/CVE-2019-5890.json +++ b/2019/5xxx/CVE-2019-5890.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5890", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5890", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file