From 7ad83ff2f7a6a0e05348e068ec98788048434595 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:21:22 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 1999/1xxx/CVE-1999-1082.json | 130 +++++++--------
 1999/1xxx/CVE-1999-1520.json | 140 ++++++++--------
 2005/2xxx/CVE-2005-2284.json | 130 +++++++--------
 2005/2xxx/CVE-2005-2319.json | 160 +++++++++---------
 2005/2xxx/CVE-2005-2511.json | 130 +++++++--------
 2005/2xxx/CVE-2005-2825.json | 34 ++--
 2005/3xxx/CVE-2005-3317.json | 210 ++++++++++++------------
 2005/3xxx/CVE-2005-3714.json | 170 +++++++++----------
 2005/4xxx/CVE-2005-4066.json | 150 ++++++++---------
 2005/4xxx/CVE-2005-4157.json | 170 +++++++++----------
 2005/4xxx/CVE-2005-4371.json | 160 +++++++++---------
 2005/4xxx/CVE-2005-4385.json | 150 ++++++++---------
 2005/4xxx/CVE-2005-4658.json | 150 ++++++++---------
 2009/2xxx/CVE-2009-2333.json | 160 +++++++++---------
 2009/2xxx/CVE-2009-2946.json | 150 ++++++++---------
 2009/2xxx/CVE-2009-2967.json | 200 +++++++++++------------
 2009/3xxx/CVE-2009-3243.json | 180 ++++++++++-----------
 2009/3xxx/CVE-2009-3552.json | 34 ++--
 2009/3xxx/CVE-2009-3784.json | 150 ++++++++---------
 2009/3xxx/CVE-2009-3809.json | 140 ++++++++--------
 2009/3xxx/CVE-2009-3884.json | 240 +++++++++++++--------------
 2009/4xxx/CVE-2009-4059.json | 160 +++++++++---------
 2009/4xxx/CVE-2009-4132.json | 34 ++--
 2009/4xxx/CVE-2009-4613.json | 130 +++++++--------
 2009/4xxx/CVE-2009-4862.json | 130 +++++++--------
 2015/0xxx/CVE-2015-0199.json | 150 ++++++++---------
 2015/0xxx/CVE-2015-0275.json | 210 ++++++++++++------------
 2015/0xxx/CVE-2015-0457.json | 130 +++++++--------
 2015/0xxx/CVE-2015-0534.json | 150 ++++++++---------
 2015/0xxx/CVE-2015-0572.json | 160 +++++++++---------
 2015/0xxx/CVE-2015-0741.json | 140 ++++++++--------
 2015/1xxx/CVE-2015-1135.json | 150 ++++++++---------
 2015/1xxx/CVE-2015-1229.json | 180 ++++++++++-----------
 2015/1xxx/CVE-2015-1485.json | 140 ++++++++--------
 2015/1xxx/CVE-2015-1648.json | 130 +++++++--------
 2015/1xxx/CVE-2015-1686.json | 150 ++++++++---------
 2015/4xxx/CVE-2015-4125.json | 34 ++--
 2015/4xxx/CVE-2015-4351.json | 140 ++++++++--------
 2015/4xxx/CVE-2015-4418.json | 140 ++++++++--------
 2015/4xxx/CVE-2015-4816.json | 240 +++++++++++++--------------
 2015/5xxx/CVE-2015-5084.json | 150 ++++++++---------
 2015/5xxx/CVE-2015-5359.json | 130 +++++++--------
 2018/2xxx/CVE-2018-2020.json | 34 ++--
 2018/2xxx/CVE-2018-2195.json | 34 ++--
 2018/2xxx/CVE-2018-2287.json | 34 ++--
 2018/2xxx/CVE-2018-2445.json | 156 +++++++++---------
 2018/2xxx/CVE-2018-2973.json | 306 +++++++++++++++++------------------
 2018/3xxx/CVE-2018-3526.json | 34 ++--
 2018/3xxx/CVE-2018-3617.json | 35 ++--
 2018/3xxx/CVE-2018-3977.json | 122 +++++++-------
 2018/6xxx/CVE-2018-6383.json | 120 +++++++-------
 2018/6xxx/CVE-2018-6418.json | 34 ++--
 2018/6xxx/CVE-2018-6959.json | 142 ++++++++--------
 2018/6xxx/CVE-2018-6977.json | 192 +++++++++++-----------
 2018/7xxx/CVE-2018-7011.json | 34 ++--
 2018/7xxx/CVE-2018-7241.json | 140 ++++++++--------
 56 files changed, 3766 insertions(+), 3767 deletions(-)
diff --git a/1999/1xxx/CVE-1999-1082.json b/1999/1xxx/CVE-1999-1082.json
index 1b542e41ec4..e9009453721 100644
--- a/1999/1xxx/CVE-1999-1082.json
+++ b/1999/1xxx/CVE-1999-1082.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a \"......\" (modified dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991008 Jana webserver exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93941794201059&w=2" - }, - { - "name" : "699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a \"......\" (modified dot dot) attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991008 Jana webserver exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93941794201059&w=2" + }, + { + "name": "699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/699" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1520.json b/1999/1xxx/CVE-1999-1520.json index b8c34c20524..569c0723f1e 100644 --- a/1999/1xxx/CVE-1999-1520.json +++ b/1999/1xxx/CVE-1999-1520.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=92647407227303&w=2" - }, - { - "name" : "256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/256" - }, - { - "name" : "siteserver-site-csc(2270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes 
sensitive SQL database information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "siteserver-site-csc(2270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2270" + }, + { + "name": "256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/256" + }, + { + "name": "19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=92647407227303&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2284.json b/2005/2xxx/CVE-2005-2284.json index f506a586a2b..a8bd435d91a 100644 --- a/2005/2xxx/CVE-2005-2284.json +++ b/2005/2xxx/CVE-2005-2284.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/JGEI-6C8Q27", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JGEI-6C8Q27" - }, - { - "name" : "VU#372797", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/372797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/JGEI-6C8Q27", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JGEI-6C8Q27" + }, + { + "name": "VU#372797", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/372797" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2319.json b/2005/2xxx/CVE-2005-2319.json index 3b209387301..2a755d05a81 100644 --- a/2005/2xxx/CVE-2005-2319.json +++ b/2005/2xxx/CVE-2005-2319.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050712 Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/404948" - }, - { - "name" : "http://www.hardened-php.net/advisory-102005.php", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory-102005.php" - }, - { - "name" : "http://phpyawp.com/yawiki/index.php?page=ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://phpyawp.com/yawiki/index.php?page=ChangeLog" - }, - { - "name" : "14237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14237" - }, - { - "name" : "16049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16049" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14237" + }, + { + "name": "20050712 Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/404948" + }, + { + "name": "16049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16049" + }, + { + "name": "http://phpyawp.com/yawiki/index.php?page=ChangeLog", + "refsource": "CONFIRM", + "url": "http://phpyawp.com/yawiki/index.php?page=ChangeLog" + }, + { + "name": "http://www.hardened-php.net/advisory-102005.php", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory-102005.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2511.json b/2005/2xxx/CVE-2005-2511.json index fd8765dc295..403ef003184 100644 --- a/2005/2xxx/CVE-2005-2511.json +++ b/2005/2xxx/CVE-2005-2511.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2825.json b/2005/2xxx/CVE-2005-2825.json index 06b7ac962ea..5277941a852 100644 --- a/2005/2xxx/CVE-2005-2825.json +++ b/2005/2xxx/CVE-2005-2825.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2825", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2825", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3317.json b/2005/3xxx/CVE-2005-3317.json index ddd571b6314..86d2ccb8730 100644 --- a/2005/3xxx/CVE-2005-3317.json +++ b/2005/3xxx/CVE-2005-3317.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly handled by (a) zipgenius.exe, (b) zg.exe, (c) zgtips.dll, and (d) contmenu.dll; (2) a long original name in a (a) UUE, (b) XXE, or (c) MIM file, which is not properly handled by zipgenius.exe; or (3) an ACE archive with a file with a long filename, which is not properly handled by unacev2.dll." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051021 Secunia Research: ZipGenius Multiple Archive Handling BufferOverflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/414083" - }, - { - "name" : "http://secunia.com/secunia_research/2005-54/advisory", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-54/advisory" - }, - { - "name" : "http://forum.zipgenius.it/index.php?showtopic=684", - "refsource" : "CONFIRM", - "url" : "http://forum.zipgenius.it/index.php?showtopic=684" - }, - { - "name" : "15161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15161" - }, - { - "name" : "20157", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20157" - }, - { - "name" : "20158", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20158" - }, - { - "name" : "20159", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20159" - }, - { - "name" : "1015090", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015090" - }, - { - "name" : "17061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17061" - }, - { - "name" : "103", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions 
before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly handled by (a) zipgenius.exe, (b) zg.exe, (c) zgtips.dll, and (d) contmenu.dll; (2) a long original name in a (a) UUE, (b) XXE, or (c) MIM file, which is not properly handled by zipgenius.exe; or (3) an ACE archive with a file with a long filename, which is not properly handled by unacev2.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20158", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20158" + }, + { + "name": "15161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15161" + }, + { + "name": "http://forum.zipgenius.it/index.php?showtopic=684", + "refsource": "CONFIRM", + "url": "http://forum.zipgenius.it/index.php?showtopic=684" + }, + { + "name": "17061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17061" + }, + { + "name": "http://secunia.com/secunia_research/2005-54/advisory", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-54/advisory" + }, + { + "name": "1015090", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015090" + }, + { + "name": "103", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/103" + }, + { + "name": "20159", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20159" + }, + { + "name": "20051021 Secunia Research: ZipGenius Multiple Archive Handling BufferOverflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/414083" + }, + { + "name": "20157", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20157" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3714.json b/2005/3xxx/CVE-2005-3714.json index ee79ff07570..125c4cccf04 100644 
--- a/2005/3xxx/CVE-2005-3714.json +++ b/2005/3xxx/CVE-2005-3714.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-01-05", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Jan/msg00000.html" - }, - { - "name" : "16146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16146" - }, - { - "name" : "ADV-2006-0064", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0064" - }, - { - "name" : "22244", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22244" - }, - { - "name" : "1015443", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015443" - }, - { - "name" : "18319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18319" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2006-01-05", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Jan/msg00000.html" + }, + { + "name": "16146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16146" + }, + { + "name": "18319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18319" + }, + { + "name": "ADV-2006-0064", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0064" + }, + { + "name": "1015443", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015443" + }, + { + "name": "22244", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22244" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4066.json b/2005/4xxx/CVE-2005-4066.json index 13bdfaff29c..236b76bfe66 100644 --- a/2005/4xxx/CVE-2005-4066.json +++ b/2005/4xxx/CVE-2005-4066.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.networksecurity.fi/advisories/total-commander.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/total-commander.html" - }, - { - "name" : "ADV-2005-2780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2780" - }, - { - "name" : "1015311", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015311" - }, - { - "name" : "totalcommander-ftp-weak-encryption(23497)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2780" + }, + { + "name": "totalcommander-ftp-weak-encryption(23497)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23497" + }, + { + "name": "http://www.networksecurity.fi/advisories/total-commander.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/total-commander.html" + }, + { + "name": "1015311", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015311" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4157.json b/2005/4xxx/CVE-2005-4157.json index 421b1bf4b06..f77b0e53185 100644 --- a/2005/4xxx/CVE-2005-4157.json +++ b/2005/4xxx/CVE-2005-4157.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kerio.com/kwf_history.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/kwf_history.html" - }, - { - "name" : "15388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15388/" - }, - { - "name" : "ADV-2005-2391", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2391" - }, - { - "name" : "1015194", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2005/Nov/1015194.html" - }, - { - "name" : "17519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17519/" - }, - { - "name" : "kerio-winroute-bypass-authentication(23035)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23035" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15388/" + }, + { + "name": "ADV-2005-2391", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2391" + }, + { + "name": "kerio-winroute-bypass-authentication(23035)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23035" + }, + { + "name": "1015194", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2005/Nov/1015194.html" + }, + { + "name": "http://www.kerio.com/kwf_history.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/kwf_history.html" + }, + { + "name": "17519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17519/" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4371.json b/2005/4xxx/CVE-2005-4371.json index 7748dd9eafd..64701899396 100644 --- a/2005/4xxx/CVE-2005-4371.json +++ b/2005/4xxx/CVE-2005-4371.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 Acidcat ASP CMS Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419905/100/0/threaded" - }, - { - "name" : "http://hamid.ir/security/acidcat.txt", - "refsource" : "MISC", - "url" : "http://hamid.ir/security/acidcat.txt" - }, - { - "name" : "15933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15933" - }, - { - "name" : "22491", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22491" - }, - { - "name" : "18097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hamid.ir/security/acidcat.txt", + "refsource": "MISC", + "url": "http://hamid.ir/security/acidcat.txt" + }, + { + "name": "18097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18097" + }, + { + "name": "22491", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22491" + }, + { + "name": "20051220 Acidcat ASP CMS Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419905/100/0/threaded" + }, + { + "name": "15933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15933" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4385.json b/2005/4xxx/CVE-2005-4385.json index 94f9efef79d..8be7a905771 100644 --- a/2005/4xxx/CVE-2005-4385.json +++ b/2005/4xxx/CVE-2005-4385.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html" - }, - { - "name" : "15940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15940" - }, - { - "name" : "ADV-2005-2977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2977" - }, - { - "name" : "21850", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote 
attackers to inject arbitrary web script or HTML via the searchstring parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15940" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html" + }, + { + "name": "21850", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21850" + }, + { + "name": "ADV-2005-2977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2977" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4658.json b/2005/4xxx/CVE-2005-4658.json index 33701a3b40f..9c499d676fe 100644 --- a/2005/4xxx/CVE-2005-4658.json +++ b/2005/4xxx/CVE-2005-4658.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051109 ASPKnowledgebase vulnerable to XSS injection.", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Nov/0122.html" - }, - { - "name" : "ADV-2005-2375", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2375" - }, - { - "name" : "20713", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20713" - }, - { - "name" : "17517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in 
ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17517" + }, + { + "name": "20713", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20713" + }, + { + "name": "20051109 ASPKnowledgebase vulnerable to XSS injection.", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Nov/0122.html" + }, + { + "name": "ADV-2005-2375", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2375" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2333.json b/2009/2xxx/CVE-2009-2333.json index 721720bc7f0..9a7f1dc9859 100644 --- a/2009/2xxx/CVE-2009-2333.json +++ b/2009/2xxx/CVE-2009-2333.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9069", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9069" - }, - { - "name" : "55666", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55666" - }, - { - "name" : "55667", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55667" - }, - { - "name" : "55668", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55668" - }, - { - "name" : "55669", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55666", + "refsource": "OSVDB", + "url": "http://osvdb.org/55666" + }, + { + "name": "9069", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9069" + }, + { + "name": "55668", + "refsource": "OSVDB", + "url": "http://osvdb.org/55668" + }, + { + "name": "55669", + "refsource": "OSVDB", + "url": "http://osvdb.org/55669" + }, + { + "name": "55667", + "refsource": "OSVDB", + "url": "http://osvdb.org/55667" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2946.json b/2009/2xxx/CVE-2009-2946.json index ca8b1b38924..ef140779f88 100644 --- a/2009/2xxx/CVE-2009-2946.json +++ b/2009/2xxx/CVE-2009-2946.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209" - }, - { - "name" : "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff&rev=1984&sc=1", - "refsource" : "CONFIRM", - "url" : "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff&rev=1984&sc=1" - }, - { - "name" : "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log&rev=0&sc=1&isdir=0", - "refsource" : "CONFIRM", - "url" : "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log&rev=0&sc=1&isdir=0" - }, - { - "name" : "DSA-1878", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2009/dsa-1878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff&rev=1984&sc=1", + "refsource": "CONFIRM", + "url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff&rev=1984&sc=1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209" + }, + { + "name": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log&rev=0&sc=1&isdir=0", + "refsource": "CONFIRM", + "url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log&rev=0&sc=1&isdir=0" + }, + { + "name": "DSA-1878", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1878" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2967.json b/2009/2xxx/CVE-2009-2967.json index d6705a9638d..9b8d15f4b9d 100644 --- a/2009/2xxx/CVE-2009-2967.json +++ b/2009/2xxx/CVE-2009-2967.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Buildbot-devel] 20090813 Re: Cross-site scripting vulnerability", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=42338fbf0908130837o86b77d6y725233076286226f%40mail.gmail.com" - }, - { - "name" : "http://buildbot.net/trac#SecurityAlert", - "refsource" : "CONFIRM", - "url" : "http://buildbot.net/trac#SecurityAlert" - }, - { - "name" : "FEDORA-2009-8516", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00978.html" - }, - { - "name" : "FEDORA-2009-8577", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00985.html" - }, - { - "name" : 
"36100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36100" - }, - { - "name" : "36352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36352" - }, - { - "name" : "36418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36418" - }, - { - "name" : "ADV-2009-2352", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2352" - }, - { - "name" : "buildbot-unspecified-xss(52896)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-8577", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00985.html" + }, + { + "name": "FEDORA-2009-8516", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00978.html" + }, + { + "name": "ADV-2009-2352", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2352" + }, + { + "name": "[Buildbot-devel] 20090813 Re: Cross-site scripting vulnerability", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_name=42338fbf0908130837o86b77d6y725233076286226f%40mail.gmail.com" + }, + { + "name": "http://buildbot.net/trac#SecurityAlert", + "refsource": "CONFIRM", + "url": "http://buildbot.net/trac#SecurityAlert" + }, + { + "name": "36352", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/36352" + }, + { + "name": "buildbot-unspecified-xss(52896)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52896" + }, + { + "name": "36418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36418" + }, + { + "name": "36100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36100" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3243.json b/2009/3xxx/CVE-2009-3243.json index 3a6b307e8c8..ad9bf85c561 100644 --- a/2009/3xxx/CVE-2009-3243.json +++ b/2009/3xxx/CVE-2009-3243.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4008", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4008" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-06.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-06.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html" - }, - { - "name" : "36408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36408" - }, - { - "name" : "oval:org.mitre.oval:def:6413", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6413" - }, - { - "name" : "36754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36754" - }, - { - "name" : "37409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36408" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4008", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4008" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-06.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-06.html" + }, + { + "name": "36754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36754" + }, + { + "name": "37409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37409" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html" + }, + { + "name": "oval:org.mitre.oval:def:6413", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6413" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/3xxx/CVE-2009-3552.json b/2009/3xxx/CVE-2009-3552.json
index dbcf0dfb52e..91054ba051d 100644
--- a/2009/3xxx/CVE-2009-3552.json
+++ b/2009/3xxx/CVE-2009-3552.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-3552",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-3552",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/3xxx/CVE-2009-3784.json b/2009/3xxx/CVE-2009-3784.json
index b6bf5b627c3..d65e40f0a84 100644
--- a/2009/3xxx/CVE-2009-3784.json
+++ b/2009/3xxx/CVE-2009-3784.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/590098", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/590098" - }, - { - "name" : "http://drupal.org/node/611002", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/611002" - }, - { - "name" : "36790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36790" - }, - { - "name" : "37128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote 
attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37128" + }, + { + "name": "http://drupal.org/node/611002", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/611002" + }, + { + "name": "http://drupal.org/node/590098", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/590098" + }, + { + "name": "36790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36790" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3809.json b/2009/3xxx/CVE-2009-3809.json index baab7aaf33d..a44d9481fce 100644 --- a/2009/3xxx/CVE-2009-3809.json +++ b/2009/3xxx/CVE-2009-3809.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9212", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9212" - }, - { - "name" : "ADV-2009-1958", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1958" - }, - { - "name" : "acoustica-m3u-bo(51868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "acoustica-m3u-bo(51868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51868" + }, + { + "name": "ADV-2009-1958", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1958" + }, + { + "name": "9212", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9212" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3884.json b/2009/3xxx/CVE-2009-3884.json index 510dcee75a7..f6e7ea879ab 100644 --- a/2009/3xxx/CVE-2009-3884.json +++ b/2009/3xxx/CVE-2009-3884.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" - }, - { - "name" : "http://java.sun.com/javase/6/webnotes/6u17.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u17.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=530300", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=530300" - }, - { - "name" : "http://support.apple.com/kb/HT3969", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3969" - }, - { - "name" : "http://support.apple.com/kb/HT3970", - "refsource" : 
"CONFIRM", - "url" : "http://support.apple.com/kb/HT3970" - }, - { - "name" : "APPLE-SA-2009-12-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2009-12-03-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "MDVSA-2010:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" - }, - { - "name" : "oval:org.mitre.oval:def:11686", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686" - }, - { - "name" : "oval:org.mitre.oval:def:6960", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=530300", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530300" + }, + { + "name": "http://support.apple.com/kb/HT3970", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3970" + }, + { + "name": "http://support.apple.com/kb/HT3969", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3969" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "APPLE-SA-2009-12-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:11686", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686" + }, + { + "name": "oval:org.mitre.oval:def:6960", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960" + }, + { + "name": "APPLE-SA-2009-12-03-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" + }, + { + "name": "37581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37581" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u17.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u17.html" + }, + { + "name": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" + }, + { + "name": "MDVSA-2010:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/37386" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4059.json b/2009/4xxx/CVE-2009-4059.json index b0be09f9a1d..bc70bff0a81 100644 --- a/2009/4xxx/CVE-2009-4059.json +++ b/2009/4xxx/CVE-2009-4059.json 
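Review bot: The one value change in this hunk, `"ASSIGNER"` in `CVE_data_meta` going from `cve@mitre.org` to `secalert@redhat.com`, is not mentioned in the commit subject ("-Synchronized-Data.") and is easy to miss, because every other line of the file is rewritten for spacing and the `reference_data` entries are reordered. The same kind of change appears in the hunks for CVE-2015-0199 (`psirt@us.ibm.com`), CVE-2015-0275 (`secalert@redhat.com`), CVE-2015-0457 (`secalert_us@oracle.com`) and CVE-2015-0534 (`security_alert@emc.com`). Since consumers may use this field to attribute a record to its CNA, I would land the reformat separately from the value changes, or at least add a line to the commit message such as `ASSIGNER updated for CVE-2009-3884, CVE-2015-0199, CVE-2015-0275, CVE-2015-0457, CVE-2015-0534`. Anyone auditing the commit should compare the parsed JSON of the old and new files rather than the text diff, which is presumably all formatting noise apart from these fields.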
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0911-exploits/joomlajoomclip-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0911-exploits/joomlajoomclip-sql.txt" - }, - { - "name" : "37049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37049" - }, - { - "name" : "60195", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60195" - }, - { - "name" : "37400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37400" - }, - { - "name" : "joomclip-index-sql-injection(54323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37049" + }, + { + "name": "60195", + "refsource": "OSVDB", + "url": "http://osvdb.org/60195" + }, + { + "name": "37400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37400" + }, + { + "name": "joomclip-index-sql-injection(54323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54323" + }, + { + "name": "http://packetstormsecurity.org/0911-exploits/joomlajoomclip-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0911-exploits/joomlajoomclip-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4132.json b/2009/4xxx/CVE-2009-4132.json index b41c82ffa71..1ff5aaaf727 100644 --- a/2009/4xxx/CVE-2009-4132.json +++ b/2009/4xxx/CVE-2009-4132.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4132", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4214. Reason: This candidate is a duplicate of CVE-2009-4214. Notes: All CVE users should reference CVE-2009-4214 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-4132", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4214. Reason: This candidate is a duplicate of CVE-2009-4214. Notes: All CVE users should reference CVE-2009-4214 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4613.json b/2009/4xxx/CVE-2009-4613.json index 3e955060463..719e18e4ce6 100644 --- a/2009/4xxx/CVE-2009-4613.json +++ b/2009/4xxx/CVE-2009-4613.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "60866", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60866" - }, - { - "name" : "37633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60866", + "refsource": "OSVDB", + "url": "http://osvdb.org/60866" + }, + { + "name": "37633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37633" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4862.json b/2009/4xxx/CVE-2009-4862.json index 3e002382f52..bad90f43a50 100644 --- a/2009/4xxx/CVE-2009-4862.json +++ b/2009/4xxx/CVE-2009-4862.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9384", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9384" - }, - { - "name" : "alwasel-id-sql-injection(52326)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "alwasel-id-sql-injection(52326)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52326" + }, + { + "name": "9384", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9384" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0199.json b/2015/0xxx/CVE-2015-0199.json index d758bfbd897..eb2e084719e 100644 --- a/2015/0xxx/CVE-2015-0199.json +++ b/2015/0xxx/CVE-2015-0199.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062" - }, - { - "name" : "http://www-304.ibm.com/support/docview.wss?uid=swg21902662", - "refsource" : "CONFIRM", - "url" : "http://www-304.ibm.com/support/docview.wss?uid=swg21902662" - }, - { - "name" : "73283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73283" - }, - { - "name" : "1032880", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032880", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032880" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062" + }, + { + "name": "73283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73283" + }, + { + "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21902662", + "refsource": "CONFIRM", + "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21902662" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0275.json b/2015/0xxx/CVE-2015-0275.json index dc5a0f7e592..a21f692c825 100644 --- a/2015/0xxx/CVE-2015-0275.json +++ b/2015/0xxx/CVE-2015-0275.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-ext4] 20150218 [PATCH] ext4: Allocate entire range in zero range", - "refsource" : "MLIST", - "url" : "http://www.spinics.net/lists/linux-ext4/msg47193.html" - }, - { - "name" : "[oss-security] 20150223 CVE-2015-0275 -- Linux kernel: fs: ext4: fallocate zero range page size > block size BUG()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/23/14" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f2af21aae11972fa924374ddcf52e88347cf5a8", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f2af21aae11972fa924374ddcf52e88347cf5a8" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1193907", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1193907" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0f2af21aae11972fa924374ddcf52e88347cf5a8", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/0f2af21aae11972fa924374ddcf52e88347cf5a8" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "RHSA-2015:1778", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1778.html" - }, - { - "name" : "RHSA-2015:1787", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1787.html" - }, - { - "name" : "75139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75139" - }, - { - "name" : "1034454", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034454", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034454" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1193907", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193907" + }, + { + "name": "[linux-ext4] 20150218 [PATCH] ext4: Allocate entire range in zero range", + "refsource": "MLIST", + "url": "http://www.spinics.net/lists/linux-ext4/msg47193.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f2af21aae11972fa924374ddcf52e88347cf5a8", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f2af21aae11972fa924374ddcf52e88347cf5a8" + }, + { + "name": "RHSA-2015:1778", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1778.html" + }, + { + "name": "RHSA-2015:1787", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1787.html" + }, + { + "name": "75139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75139" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/0f2af21aae11972fa924374ddcf52e88347cf5a8", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/0f2af21aae11972fa924374ddcf52e88347cf5a8" + }, + { + "name": "[oss-security] 20150223 CVE-2015-0275 -- Linux kernel: fs: ext4: fallocate zero range page size > block size BUG()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/23/14" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/0xxx/CVE-2015-0457.json b/2015/0xxx/CVE-2015-0457.json index 1cf79c04e70..3949943d1e9 100644 --- a/2015/0xxx/CVE-2015-0457.json +++ b/2015/0xxx/CVE-2015-0457.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2629." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "1032118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated 
users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2629." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032118" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0534.json b/2015/0xxx/CVE-2015-0534.json index 498b26b9283..16e2c2f52fe 100644 --- a/2015/0xxx/CVE-2015-0534.json +++ b/2015/0xxx/CVE-2015-0534.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-0534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Aug/84" - }, - { - "name" : "76377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76377" - }, - { - "name" : "1033297", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033297" - }, - { - "name" : "1033298", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1033298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033298" + }, + { + "name": "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Aug/84" + }, + { + "name": "1033297", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033297" + }, + { + "name": "76377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76377" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0572.json b/2015/0xxx/CVE-2015-0572.json index 054c8731a49..19e01f902a1 100644 --- a/2015/0xxx/CVE-2015-0572.json +++ b/2015/0xxx/CVE-2015-0572.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=34ad3d34fbff11b8e1210b9da0dac937fb956b61", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=34ad3d34fbff11b8e1210b9da0dac937fb956b61" - }, - { - "name" : 
"https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=8fb32c3a8147b82e2bb159b3f70d803c9e68899b", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=8fb32c3a8147b82e2bb159b3f70d803c9e68899b" - }, - { - "name" : "https://www.codeaurora.org/race-condition-leading-arbitrary-null-write-adsp-using-ioctl-compatfastrpcioctlinvokefd-cve-2015", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/race-condition-leading-arbitrary-null-write-adsp-using-ioctl-compatfastrpcioctlinvokefd-cve-2015" - }, - { - "name" : "93312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=8fb32c3a8147b82e2bb159b3f70d803c9e68899b", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=8fb32c3a8147b82e2bb159b3f70d803c9e68899b" + }, + { + "name": "93312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93312" + }, + { + "name": "https://www.codeaurora.org/race-condition-leading-arbitrary-null-write-adsp-using-ioctl-compatfastrpcioctlinvokefd-cve-2015", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/race-condition-leading-arbitrary-null-write-adsp-using-ioctl-compatfastrpcioctlinvokefd-cve-2015" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=34ad3d34fbff11b8e1210b9da0dac937fb956b61", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=34ad3d34fbff11b8e1210b9da0dac937fb956b61" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0741.json b/2015/0xxx/CVE-2015-0741.json index 5c2b1732007..09bea166d1e 100644 --- a/2015/0xxx/CVE-2015-0741.json +++ b/2015/0xxx/CVE-2015-0741.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150520 Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38927" - }, - { - "name" : "74754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74754" - }, - { - "name" : "1032380", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted 
Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150520 Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38927" + }, + { + "name": "1032380", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032380" + }, + { + "name": "74754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74754" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1135.json b/2015/1xxx/CVE-2015-1135.json index 9a0d27ca64c..8500f31d257 100644 --- a/2015/1xxx/CVE-2015-1135.json +++ b/2015/1xxx/CVE-2015-1135.json 
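Review bot: The `ASSIGNER` field for CVE-2015-0741 changes from `cve@mitre.org` to `psirt@cisco.com`, but the same hunk also rewrites every other line for spacing and reorders the references, and the commit subject says only "-Synchronized-Data.". This one substantive change is therefore easy to overlook in review. The same pattern is visible in the hunks for CVE-2015-0534 (`security_alert@emc.com`), CVE-2015-1135 (`product-security@apple.com`), CVE-2015-1229 (`security@google.com`), CVE-2015-1485 (`secure@symantec.com`), CVE-2015-1648 and CVE-2015-1686 (`secure@microsoft.com`) and CVE-2015-4816 (`secalert_us@oracle.com`). Landing the formatting pass and the assigner re-attribution as separate commits, or at least naming the re-attribution in the commit message, would give consumers that key on `ASSIGNER` an auditable record of when and why the attribution moved.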
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "73982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73982" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fontd in Apple Type Services (ATS) in 
Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "73982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73982" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1229.json b/2015/1xxx/CVE-2015-1229.json index d85ba06635c..7bf89e44088 100644 --- a/2015/1xxx/CVE-2015-1229.json +++ b/2015/1xxx/CVE-2015-1229.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=431504", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=431504" - }, - { - "name" : "https://codereview.chromium.org/769043003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/769043003" - }, - { - "name" : "GLSA-201503-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-12" - 
}, - { - "name" : "RHSA-2015:0627", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0627.html" - }, - { - "name" : "USN-2521-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2521-1" - }, - { - "name" : "72901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2521-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2521-1" + }, + { + "name": "72901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72901" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=431504", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=431504" + }, + { + "name": "https://codereview.chromium.org/769043003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/769043003" + }, + { + "name": "GLSA-201503-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-12" + }, + { + "name": "RHSA-2015:0627", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/1xxx/CVE-2015-1485.json b/2015/1xxx/CVE-2015-1485.json
index 2bd153ce592..606f916099a 100644
--- a/2015/1xxx/CVE-2015-1485.json
+++ b/2015/1xxx/CVE-2015-1485.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2015-1485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00" - }, - { - "name" : "75289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75289" - }, - { - "name" : "1032710", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032710", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032710" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00" + }, + { + "name": "75289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75289" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1648.json b/2015/1xxx/CVE-2015-1648.json index 05c6bcaf5ff..c005bb0b4d8 100644 --- a/2015/1xxx/CVE-2015-1648.json +++ b/2015/1xxx/CVE-2015-1648.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka \"ASP.NET Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-041" - }, - { - "name" : "1032116", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information 
via a crafted request, aka \"ASP.NET Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-041" + }, + { + "name": "1032116", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032116" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1686.json b/2015/1xxx/CVE-2015-1686.json index 3e767cbe107..0ebc86b0041 100644 --- a/2015/1xxx/CVE-2015-1686.json +++ b/2015/1xxx/CVE-2015-1686.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"VBScript and JScript ASLR Bypass.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" - }, - { - "name" : "MS15-053", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-053" - }, - { - "name" : "74530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74530" - }, - { - "name" : "1032282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"VBScript and JScript ASLR Bypass.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74530" + }, + { + "name": "1032282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032282" + }, + { + "name": "MS15-053", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-053" + }, + { + "name": "MS15-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4125.json b/2015/4xxx/CVE-2015-4125.json index 45fe16be2a9..7401d1d0d15 100644 --- a/2015/4xxx/CVE-2015-4125.json +++ b/2015/4xxx/CVE-2015-4125.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4125", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4125", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4351.json b/2015/4xxx/CVE-2015-4351.json index 49d950d95a0..a6b88946490 100644 --- a/2015/4xxx/CVE-2015-4351.json +++ b/2015/4xxx/CVE-2015-4351.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Spider Video Player module for Drupal allows remote authenticated users with the \"access Spider Video Player administration\" permission to delete arbitrary files via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2437981", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2437981" - }, - { - "name" : "72817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Spider Video Player module for Drupal allows remote authenticated users with the \"access Spider Video Player 
administration\" permission to delete arbitrary files via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72817" + }, + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "https://www.drupal.org/node/2437981", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2437981" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4418.json b/2015/4xxx/CVE-2015-4418.json index f77ae64142d..1c2f4072ad1 100644 --- a/2015/4xxx/CVE-2015-4418.json +++ b/2015/4xxx/CVE-2015-4418.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250", - "refsource" : "CONFIRM", - "url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250" - }, - { - "name" : "75068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75068" - }, - { - "name" : "1032516", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032516", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032516" + }, + { + "name": "75068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75068" + }, + { + "name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250", + "refsource": "CONFIRM", + "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4816.json b/2015/4xxx/CVE-2015-4816.json index 5b500057b49..824178bc4a5 100644 --- a/2015/4xxx/CVE-2015-4816.json +++ b/2015/4xxx/CVE-2015-4816.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3385", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3385" - }, - { - "name" : "DSA-3377", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3377" - }, - { - "name" : "FEDORA-2016-e30164d0a2", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html" - }, - { - "name" : "RHSA-2016:0534", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0534.html" - }, - { - "name" : "RHSA-2015:1628", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1628.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:1481", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1481.html" - }, - { - "name" : "USN-2781-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2781-1" - }, - { - "name" : "77134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77134" - }, - { - "name" : "1033894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1481", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1481.html" + }, + { + "name": "1033894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033894" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "RHSA-2016:0534", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0534.html" + }, + { + "name": "USN-2781-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2781-1" + }, + { + "name": "77134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77134" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "DSA-3385", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3385" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "RHSA-2015:1628", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html" + }, + { + "name": "DSA-3377", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3377" + }, + { + "name": "FEDORA-2016-e30164d0a2", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5084.json b/2015/5xxx/CVE-2015-5084.json index 7e4f65069fa..400709e5603 100644 --- a/2015/5xxx/CVE-2015-5084.json +++ b/2015/5xxx/CVE-2015-5084.json 
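Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2015-4816 changes from `cve@mitre.org` to `secalert_us@oracle.com`, and it is the only semantic change in a hunk that otherwise only rewrites `" : "` as `": "` and reorders `reference_data`. The commit subject does not mention it, so anyone auditing CNA attribution cannot tell it apart from formatting noise; a subject or body line such as `CVE-2015-4816: ASSIGNER cve@mitre.org -> secalert_us@oracle.com` would make the change traceable. The reordered `reference_data` array holds the same thirteen name/url pairs as the old side, so downstream tooling should compare references as a set and not by array position.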
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-02" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf" - }, - { - "name" : "75981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75981" - }, - { - "name" : "1033021", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf" + }, + { + "name": "75981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75981" + }, + { + "name": "1033021", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033021" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5359.json b/2015/5xxx/CVE-2015-5359.json index a589c4a3506..79002c955de 100644 --- a/2015/5xxx/CVE-2015-5359.json +++ b/2015/5xxx/CVE-2015-5359.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10687", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10687" - }, - { - "name" : "1032843", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos 
OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032843", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032843" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10687", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10687" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2020.json b/2018/2xxx/CVE-2018-2020.json index 9d0952241dd..312cceff05a 100644 --- a/2018/2xxx/CVE-2018-2020.json +++ b/2018/2xxx/CVE-2018-2020.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2020", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2020", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2195.json b/2018/2xxx/CVE-2018-2195.json index 49db7d75a0a..ff304640fb0 100644 --- a/2018/2xxx/CVE-2018-2195.json +++ b/2018/2xxx/CVE-2018-2195.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2195", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2195", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2287.json b/2018/2xxx/CVE-2018-2287.json index a70f6ad8b1e..0beb09d60f3 100644 --- a/2018/2xxx/CVE-2018-2287.json +++ b/2018/2xxx/CVE-2018-2287.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2287", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2287", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2445.json b/2018/2xxx/CVE-2018-2445.json index eb460ec0baf..66b4ab9372b 100644 --- a/2018/2xxx/CVE-2018-2445.json +++ b/2018/2xxx/CVE-2018-2445.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP BusinessObjects Business Intelligence Platform", - "version" : { - "version_data" : [ - { - "version_name" : "", - "version_value" : "4.1" - }, - { - "version_name" : "", - "version_value" : "4.2" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server-Side Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform", + "version": { + "version_data": [ + { + "version_name": "", + "version_value": "4.1" + }, + { + "version_name": "", + "version_value": "4.2" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2630018", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2630018" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" - }, - { - "name" : "105064", - "refsource" : "BID", - "url" 
: "http://www.securityfocus.com/bid/105064" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105064" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2630018", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2630018" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2973.json b/2018/2xxx/CVE-2018-2973.json index 401fb9929f8..be5e52ff024 100644 --- a/2018/2xxx/CVE-2018-2973.json +++ b/2018/2xxx/CVE-2018-2973.json 
@@ -1,155 +1,155 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u191" - }, - { - "version_affected" : "=", - "version_value" : "7u181" - }, - { - "version_affected" : "=", - "version_value" : "8u172" - }, - { - "version_affected" : "=", - "version_value" : "10.0.1; Java SE Embedded: 8u171" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u191" + }, + { + "version_affected": "=", + "version_value": "7u181" + }, + { + "version_affected": "=", + "version_value": "8u172" + }, + { + "version_affected": "=", + "version_value": "10.0.1; Java SE Embedded: 8u171" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180726-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180726-0001/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us" - }, - { - "name" : "RHSA-2018:2253", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2253" - }, - { - "name" : "RHSA-2018:2254", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2254" - }, - 
{ - "name" : "RHSA-2018:2255", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2255" - }, - { - "name" : "RHSA-2018:2256", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2256" - }, - { - "name" : "RHSA-2018:2568", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2568" - }, - { - "name" : "RHSA-2018:2569", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2569" - }, - { - "name" : "RHSA-2018:2575", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2575" - }, - { - "name" : "RHSA-2018:2576", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2576" - }, - { - "name" : "RHSA-2018:2712", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2712" - }, - { - "name" : "RHSA-2018:2713", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2713" - }, - { - "name" : "RHSA-2018:3007", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3007" - }, - { - "name" : "RHSA-2018:3008", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3008" - }, - { - "name" : "104773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104773" - }, - { - "name" : "1041302", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2254", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2254" + }, + { + "name": "RHSA-2018:3007", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3007" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "RHSA-2018:2713", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2713" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180726-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180726-0001/" + }, + { + "name": "RHSA-2018:2255", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2255" + }, + { + "name": "RHSA-2018:2575", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2575" + }, + { + "name": "RHSA-2018:2256", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2256" + }, + { + "name": "RHSA-2018:2576", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2576" + }, + { + "name": "RHSA-2018:2253", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2253" + }, + { + "name": "RHSA-2018:2568", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2568" + }, + { + "name": "RHSA-2018:2569", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2569" + }, + { + "name": "RHSA-2018:2712", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2712" + }, + { + "name": "RHSA-2018:3008", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3008" + }, + { + "name": "104773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104773" + }, 
+ { + "name": "1041302", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041302" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3526.json b/2018/3xxx/CVE-2018-3526.json index 6ca7d1d8b93..5c01c9c161e 100644 --- a/2018/3xxx/CVE-2018-3526.json +++ b/2018/3xxx/CVE-2018-3526.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3526", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3526", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3617.json b/2018/3xxx/CVE-2018-3617.json index d65a967ac01..356d2632980 100644 --- a/2018/3xxx/CVE-2018-3617.json +++ b/2018/3xxx/CVE-2018-3617.json 
@@ -1,19 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2018-05-10T00:00:00", - "ID" : "CVE-2018-3617", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3691. Reason: This candidate is a reservation duplicate of CVE-2018-3691. Notes: All CVE users should reference CVE-2018-3691 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-3617", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3691. Reason: This candidate is a reservation duplicate of CVE-2018-3691. Notes: All CVE users should reference CVE-2018-3691 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3977.json b/2018/3xxx/CVE-2018-3977.json index 130752425c1..642d7b722f9 100644 --- a/2018/3xxx/CVE-2018-3977.json +++ b/2018/3xxx/CVE-2018-3977.json 
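Review bot: `"DATE_PUBLIC" : "2018-05-10T00:00:00"` is dropped from `CVE_data_meta` for CVE-2018-3617, which is a content change in a commit that otherwise looks like whitespace normalisation. If removing it is intended for REJECT records, the commit message should say so, since consumers that stored the date will otherwise see it disappear without explanation. The new side also emits `data_type`, `data_format` and `data_version` before `CVE_data_meta`, as the CVE-2018-2195 and CVE-2018-2287 hunks do, while the other records in this part of the commit keep `CVE_data_meta` first. Readers of these files should therefore look fields up by key and never depend on key order or a byte-wise comparison. The description still names CVE-2018-3691 under `ConsultIDs`, which is what tooling should follow for this duplicate.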
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-3977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Simple DirectMedia Layer", - "version" : { - "version_data" : [ - { - "version_value" : "Simple DirectMedia Layer SDL2_image 2.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Simple DirectMedia Layer" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-3977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Simple DirectMedia Layer", + "version": { + "version_data": [ + { + "version_value": "Simple DirectMedia Layer SDL2_image 2.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Simple DirectMedia Layer" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable code 
execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6383.json b/2018/6xxx/CVE-2018-6383.json index 062b0368833..2e24363557b 100644 --- a/2018/6xxx/CVE-2018-6383.json +++ b/2018/6xxx/CVE-2018-6383.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monstra CMS through 3.0.4 has an incomplete \"forbidden types\" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/monstra-cms/monstra/issues/429", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monstra CMS through 3.0.4 has an incomplete \"forbidden types\" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/monstra-cms/monstra/issues/429", + "refsource": "MISC", + "url": "https://github.com/monstra-cms/monstra/issues/429" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6418.json b/2018/6xxx/CVE-2018-6418.json index 9f658dc355d..8e699c9ae05 100644 --- a/2018/6xxx/CVE-2018-6418.json +++ b/2018/6xxx/CVE-2018-6418.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6418", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6418", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6959.json b/2018/6xxx/CVE-2018-6959.json index 179c254d277..bb36d22688b 100644 --- a/2018/6xxx/CVE-2018-6959.json +++ b/2018/6xxx/CVE-2018-6959.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-04-12T00:00:00", - "ID" : "CVE-2018-6959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "vRealize Automation", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 7.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing renewal of session tokens vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-04-12T00:00:00", + "ID": "CVE-2018-6959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vRealize Automation", + "version": { + "version_data": [ + { + "version_value": "prior to 7.4.0" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2018-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2018-0009.html" - }, - { - "name" : "103752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103752" - }, - { - "name" : "1040676", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing renewal of session tokens vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103752" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2018-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2018-0009.html" + }, + { + "name": "1040676", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040676" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6977.json b/2018/6xxx/CVE-2018-6977.json index 0a2e3c3e075..57ff5ebe7eb 100644 --- a/2018/6xxx/CVE-2018-6977.json +++ b/2018/6xxx/CVE-2018-6977.json 
@@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-10-09T00:00:00", - "ID" : "CVE-2018-6977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ESXi", - "version" : { - "version_data" : [ - { - "version_value" : "6.7, 6.5, 6.0" - } - ] - } - }, - { - "product_name" : "Workstation", - "version" : { - "version_data" : [ - { - "version_value" : "15.x and 14.x" - } - ] - } - }, - { - "product_name" : "Fusion", - "version" : { - "version_data" : [ - { - "version_value" : "11.x and 10.x" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial-of-service vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-10-09T00:00:00", + "ID": "CVE-2018-6977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ESXi", + "version": { + "version_data": [ + { + "version_value": "6.7, 6.5, 6.0" + } + ] + } + }, + { + "product_name": "Workstation", + "version": { + "version_data": [ + { + "version_value": "15.x and 14.x" + } + ] + } + }, + { + "product_name": "Fusion", + "version": { + "version_data": [ + { + "version_value": "11.x and 10.x" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2018-0025.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0025.html" - }, - { - "name" : "105549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105549" - }, - { - "name" : "1041821", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041821" - }, - { - "name" : "1041822", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105549" + }, + { + "name": "1041821", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041821" + }, + { + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html" + }, + { + "name": "1041822", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041822" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7011.json b/2018/7xxx/CVE-2018-7011.json index f9dbd35764f..40bad913d4f 100644 --- a/2018/7xxx/CVE-2018-7011.json +++ b/2018/7xxx/CVE-2018-7011.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7011", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7011", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7241.json b/2018/7xxx/CVE-2018-7241.json index 8ec5661939b..edd5d551904 100644 
--- a/2018/7xxx/CVE-2018-7241.json +++ b/2018/7xxx/CVE-2018-7241.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "ID" : "CVE-2018-7241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200", - "version" : { - "version_data" : [ - { - "version_value" : "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Hard-coded accounts" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "ID": "CVE-2018-7241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200", + "version": { + "version_data": [ + { + "version_value": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/" - }, - { - "name" : "103542", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hard-coded accounts" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/" + }, + { + "name": "103542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103542" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01" + } + ] + } +} \ No newline at end of file
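Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cybersecurity@se.com` to `cybersecurity@schneider-electric.com`, and this one semantic edit is easy to miss because the rest of the hunk only normalises `" : "` to `": "` and reorders the three `reference_data` entries. Tooling that attributes records to a CNA by this string will see CVE-2018-7241 under a different identity after the sync. It is worth confirming that `"ASSIGNER": "cybersecurity@schneider-electric.com"` matches the value on the CNA's other records, which are not visible in this part of the diff. Landing field-level changes like this separately from the formatting pass would make them reviewable on their own.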