diff --git a/1999/1xxx/CVE-1999-1238.json b/1999/1xxx/CVE-1999-1238.json
index 24a6364d753..68d2ab719c6 100644
--- a/1999/1xxx/CVE-1999-1238.json
+++ b/1999/1xxx/CVE-1999-1238.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX9409-017", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/1531" - }, - { - "name" : "hp-core-diag-fileset(2262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-core-diag-fileset(2262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2262" + }, + { + "name": "HPSBUX9409-017", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/1531" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1414.json b/1999/1xxx/CVE-1999-1414.json index 866db1c28fe..844cc62a5eb 100644 --- a/1999/1xxx/CVE-1999-1414.json +++ b/1999/1xxx/CVE-1999-1414.json 
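Review bot: The new side of CVE-1999-1238.json ends without a trailing newline (`\ No newline at end of file` follows the closing `+}`), and the same is true of every other complete file section visible in this patch. Keeping the final newline avoids a spurious one-line diff the next time the records are regenerated. The hunk also reorders `reference_data` (the XF entry now precedes the HP one) in what otherwise looks like a whitespace normalisation from `"key" : value` to `"key": value`, so the serializer appears not to emit references in a stable order; the later sections for CVE-2000-1017, CVE-2005-2259, CVE-2005-2631, CVE-2005-3438, CVE-2005-3458 and CVE-2005-3922 show the same reshuffling. Emitting references in a deterministic order (or preserving input order) would keep future record changes reviewable, and consumers that diff or hash these records should compare parsed content rather than raw bytes.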
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990525 Security Leak with IBM Netfinity Remote Control Software", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=92765856706547&w=2" - }, - { - "name" : "19990609 IBM's response to \"Security Leak with IBM Netfinity Remote Control Software", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=92902484317769&w=2" - }, - { - "name" : "284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process 
manager, which runs with system level privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990525 Security Leak with IBM Netfinity Remote Control Software", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=92765856706547&w=2" + }, + { + "name": "19990609 IBM's response to \"Security Leak with IBM Netfinity Remote Control Software", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=92902484317769&w=2" + }, + { + "name": "284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/284" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0077.json b/2000/0xxx/CVE-2000-0077.json index 60de8a7573a..badcd510194 100644 --- a/2000/0xxx/CVE-2000-0077.json +++ b/2000/0xxx/CVE-2000-0077.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "oval:org.mitre.oval:def:5549", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5549", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5549" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1017.json b/2000/1xxx/CVE-2000-1017.json index 51f35eaecba..9d4b26068d2 100644 --- a/2000/1xxx/CVE-2000-1017.json +++ b/2000/1xxx/CVE-2000-1017.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001002 DST2K0039: Webteachers Webdata: Importing files lower than web ro ot possible in to database", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0007.html" - }, - { - "name" : "20001003 Update to DST2K0039: Webteachers Webdata: Importing files lower t han web root possible in to database", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0032.html" - }, - { - "name" : "1732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Webteachers Webdata allows remote attackers 
with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001003 Update to DST2K0039: Webteachers Webdata: Importing files lower t han web root possible in to database", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0032.html" + }, + { + "name": "20001002 DST2K0039: Webteachers Webdata: Importing files lower than web ro ot possible in to database", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0007.html" + }, + { + "name": "1732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1732" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0915.json b/2005/0xxx/CVE-2005-0915.json index d4d93a1e0f3..29196f5c6a7 100644 --- a/2005/0xxx/CVE-2005-0915.json +++ b/2005/0xxx/CVE-2005-0915.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1013570", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013570", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013570" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2259.json b/2005/2xxx/CVE-2005-2259.json index 60caee1554f..90be6c6e72d 100644 --- a/2005/2xxx/CVE-2005-2259.json +++ b/2005/2xxx/CVE-2005-2259.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14179" - }, - { - "name" : "1014411", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014411" - }, - { - "name" : "15985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping 
Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14179" + }, + { + "name": "15985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15985" + }, + { + "name": "1014411", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014411" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2631.json b/2005/2xxx/CVE-2005-2631.json index c47c6680e15..5976b6e6a22 100644 --- a/2005/2xxx/CVE-2005-2631.json +++ b/2005/2xxx/CVE-2005-2631.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050817 Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml" - }, - { - "name" : "14585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14585" - }, - { - "name" : "16472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16472/" - }, - { - "name" : "cisco-cca-security-bypass(21884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16472/" + }, + { + "name": "20050817 Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml" + }, + { + "name": "14585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14585" + }, + { + "name": "cisco-cca-security-bypass(21884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21884" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3002.json b/2005/3xxx/CVE-2005-3002.json index aa4932abff8..95bc08f7df0 100644 --- a/2005/3xxx/CVE-2005-3002.json +++ b/2005/3xxx/CVE-2005-3002.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multi-Computer Control System (MCCS) 1.0 allows remote attackers to cause a denial of service via a malformed UDP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=93", - "refsource" : "MISC", - "url" : "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=93" - }, - { - "name" : "16865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multi-Computer Control System (MCCS) 1.0 allows remote attackers to cause a denial of service via a malformed UDP packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=93", + "refsource": "MISC", + "url": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=93" + }, + { + "name": "16865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16865" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3438.json b/2005/3xxx/CVE-2005-3438.json index 2cc9c137063..8e82646329a 100644 --- a/2005/3xxx/CVE-2005-3438.json +++ b/2005/3xxx/CVE-2005-3438.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051020 Exploit Oracle DB27 - CPU Octobre", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038061.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#449444", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449444" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "20051020 Exploit Oracle DB27 - CPU Octobre", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038061.html" + }, + { + "name": "VU#449444", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449444" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3458.json b/2005/3xxx/CVE-2005-3458.json index 972032c3724..86b15de573f 100644 --- a/2005/3xxx/CVE-2005-3458.json +++ b/2005/3xxx/CVE-2005-3458.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS19 in Workflow Cartridge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS19 in Workflow Cartridge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3922.json b/2005/3xxx/CVE-2005-3922.json index 54ab896f322..b8dc8cda34e 100644 --- a/2005/3xxx/CVE-2005-3922.json +++ b/2005/3xxx/CVE-2005-3922.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051129 Panda Remote Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418096/100/0/threaded" - }, - { - "name" : "http://www.rem0te.com/public/images/panda.pdf", - "refsource" : "MISC", - "url" : "http://www.rem0te.com/public/images/panda.pdf" - }, - { - "name" : "15616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15616" - }, - { - "name" : "ADV-2005-2666", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2666" - }, - { - "name" : "21256", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21256" - }, - { - "name" : "1015295", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015295" - }, - { - "name" : "17765", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/17765" - }, - { - "name" : "216", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/216" - }, - { - "name" : "panda-antivirus-zoo-bo(23276)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rem0te.com/public/images/panda.pdf", + "refsource": "MISC", + "url": "http://www.rem0te.com/public/images/panda.pdf" + }, + { + "name": "ADV-2005-2666", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2666" + }, + { + "name": "15616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15616" + }, + { + "name": "17765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17765" + }, + { + "name": "panda-antivirus-zoo-bo(23276)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23276" + }, + { + "name": "20051129 Panda Remote Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418096/100/0/threaded" + }, + { + "name": "216", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/216" + }, + { + "name": "1015295", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015295" + }, + { + "name": "21256", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21256" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/4xxx/CVE-2005-4135.json b/2005/4xxx/CVE-2005-4135.json
index 223fef71eff..5961ca647e7 100644
--- a/2005/4xxx/CVE-2005-4135.json
+++ b/2005/4xxx/CVE-2005-4135.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051207 SimpleBBS <= v1.1 remote commands execution in c by: unitedasia security crew", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418838/100/0/threaded" - }, - { - "name" : "15764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15764" - }, - { - "name" : "ADV-2005-2807", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2807" - }, - { - "name" : "1015323", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015323" - }, - { - "name" : "17949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17949" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015323", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015323" + }, + { + "name": "20051207 SimpleBBS <= v1.1 remote commands execution in c by: unitedasia security crew", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418838/100/0/threaded" + }, + { + "name": "ADV-2005-2807", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2807" + }, + { + "name": "15764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15764" + }, + { + "name": "17949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17949" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2258.json b/2009/2xxx/CVE-2009-2258.json index 2c95d7232f5..5fcb6387019 100644 --- a/2009/2xxx/CVE-2009-2258.json +++ b/2009/2xxx/CVE-2009-2258.json 
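Review bot: The rewritten file ends without a trailing newline: the closing `}` on the new side is followed by `\ No newline at end of file`, while the `}` on the old side was newline-terminated. Every other complete hunk on this page (CVE-2009-2258, -2261, -2265, -2296, -2655, -2755, -3071 and -3578) ends the same way, so this looks like a property of the serializer rather than of this record. Emitting a final `\n` after the closing brace keeps the files valid POSIX text files. It also prevents another repository-wide diff the next time a tool appends the newline.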
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090615 Netgear DG632 Router Authentication Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504312/100/0/threaded" - }, - { - "name" : "8963", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8963" - }, - { - "name" : "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt", - "refsource" : "MISC", - "url" : "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt" - }, - { - "name" : "1022404", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt", + "refsource": "MISC", + "url": "http://www.tomneaves.co.uk/Netgear_DG632_Authentication_Bypass.txt" + }, + { + "name": "20090615 Netgear DG632 Router Authentication Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504312/100/0/threaded" + }, + { + "name": "8963", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8963" + }, + { + "name": "1022404", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022404" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2261.json b/2009/2xxx/CVE-2009-2261.json index d32cfca4053..49f61c212d5 100644 --- a/2009/2xxx/CVE-2009-2261.json +++ b/2009/2xxx/CVE-2009-2261.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8881", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8881", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8881" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2265.json b/2009/2xxx/CVE-2009-2265.json index 6608b4e7b68..d6d42fe126b 100644 --- a/2009/2xxx/CVE-2009-2265.json +++ b/2009/2xxx/CVE-2009-2265.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090703 [oCERT-2009-007] FCKeditor input sanitization errors", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504721/100/0/threaded" - }, - { - "name" : "[Zope-dev] 20090706 zope.html with FCKEditor security fix", - "refsource" : "MLIST", - "url" : "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html" - }, - { - "name" : "http://isc.sans.org/diary.html?storyid=6724", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=6724" - }, - { - "name" : 
"http://www.ocert.org/advisories/ocert-2009-007.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2009-007.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=695430", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=695430" - }, - { - "name" : "DSA-1836", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1836" - }, - { - "name" : "FEDORA-2009-7761", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html" - }, - { - "name" : "FEDORA-2009-7794", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html" - }, - { - "name" : "1022513", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022513" - }, - { - "name" : "35833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35833" - }, - { - "name" : "35909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35909" - }, - { - "name" : "ADV-2009-1813", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1813" - }, - { - "name" : "ADV-2009-1825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1825" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2009-007.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2009-007.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=695430", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=695430" + }, + { + "name": "35909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35909" + }, + { + "name": "DSA-1836", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1836" + }, + { + "name": "FEDORA-2009-7761", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html" + }, + { + "name": "35833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35833" + }, + { + "name": "ADV-2009-1813", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1813" + }, + { + "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix", + "refsource": "MLIST", + "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html" + }, + { + "name": "1022513", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022513" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=6724", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=6724" + }, + { + "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" + }, + { + "name": "FEDORA-2009-7794", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html" + 
} + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2296.json b/2009/2xxx/CVE-2009-2296.json index 494aeddcff1..a589e7719b5 100644 --- a/2009/2xxx/CVE-2009-2296.json +++ b/2009/2xxx/CVE-2009-2296.json 
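Review bot: The 13 entries of `reference_data` come out in a new order with no visible sort key, although the set of references is unchanged: the VUPEN `ADV-2009-1825` entry moves from last to first and the BUGTRAQ entry from first to second-to-last. The old side grouped entries by `refsource`. If the new order comes from iterating an unordered collection in the generator, which cannot be confirmed from the diff, each regeneration will reshuffle the array and bury real reference additions or removals in noise. Sorting the array on a stable key such as (`refsource`, `name`) before serialising would make future diffs show only real changes. The same reshuffling is visible in the CVE-2005-4135, CVE-2009-2258, CVE-2009-2296, CVE-2009-2655, CVE-2009-3071 and CVE-2009-3578 hunks.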
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139991-03-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139991-03-1" - }, - { - "name" : "https://support.avaya.com/css/P8/documents/100058487", - "refsource" : "CONFIRM", - "url" : "https://support.avaya.com/css/P8/documents/100058487" - }, - { - "name" : "262668", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262668-1" - }, - { - "name" : "35546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35546" - }, - { - "name" : "55519", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/55519" - }, - { - "name" : "1022492", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022492" - }, - { - "name" : "35672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35672" - }, - { - "name" : "42550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42550" - }, - { - "name" : "ADV-2009-1747", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1747" - }, - { - "name" : "solaris-nfsportmon-unauth-access(51450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "262668", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262668-1" + }, + { + "name": "35672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35672" + }, + { + "name": "ADV-2009-1747", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1747" + }, + { + "name": "42550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42550" + }, + { + "name": "solaris-nfsportmon-unauth-access(51450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51450" + }, + { + "name": "35546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35546" + }, + { + "name": "https://support.avaya.com/css/P8/documents/100058487", + "refsource": "CONFIRM", + "url": "https://support.avaya.com/css/P8/documents/100058487" + }, + { + "name": "55519", + "refsource": "OSVDB", + "url": "http://osvdb.org/55519" + }, + { + "name": "1022492", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022492" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139991-03-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139991-03-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2655.json b/2009/2xxx/CVE-2009-2655.json index 23e24d8f58f..913a66cdc2c 100644 --- a/2009/2xxx/CVE-2009-2655.json +++ b/2009/2xxx/CVE-2009-2655.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9253", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9253" - }, - { - "name" : "35799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35799" - }, - { - "name" : "oval:org.mitre.oval:def:12700", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12700" - }, - { - "name" : "ms-ie-mshtml-dos(52249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35799" + }, + { + "name": "ms-ie-mshtml-dos(52249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52249" + }, + { + "name": "oval:org.mitre.oval:def:12700", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12700" + }, + { + "name": "9253", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9253" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2755.json b/2009/2xxx/CVE-2009-2755.json index 8e64e62a1d0..18743b427cc 100644 --- a/2009/2xxx/CVE-2009-2755.json +++ b/2009/2xxx/CVE-2009-2755.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2755", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2755", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3071.json b/2009/3xxx/CVE-2009-3071.json index d84664780c0..9a20ee0be8d 100644 --- a/2009/3xxx/CVE-2009-3071.json +++ b/2009/3xxx/CVE-2009-3071.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490196", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490196" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=493649", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=493649" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=495444", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=495444" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=502017", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=502017" - }, - { - "name" : "DSA-1885", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1885" - }, - { - "name" : "RHSA-2009:1430", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1430.html" - }, - { - "name" : "SUSE-SA:2009:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" - }, - { - "name" : "36343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36343" - }, - { - "name" : "oval:org.mitre.oval:def:10698", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10698" - }, - { - "name" : "oval:org.mitre.oval:def:5905", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5905" - }, - { - "name" : "36671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36671" - }, - { - "name" : "37098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37098" - }, - { - "name" : "36670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36670" - }, - { - "name" : "36692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1885", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1885" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=490196", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=490196" + }, + { + "name": "36343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36343" + }, + { + "name": "SUSE-SA:2009:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" + }, + { + "name": "RHSA-2009:1430", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1430.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=495444", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=495444" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=493649", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=493649" + }, + { + "name": "36692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36692" + }, + { + "name": "36670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36670" + }, + { + "name": "36671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36671" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html" + }, + { + "name": "oval:org.mitre.oval:def:10698", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10698" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=502017", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=502017" + }, + { + "name": 
"37098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37098" + }, + { + "name": "oval:org.mitre.oval:def:5905", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5905" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3578.json b/2009/3xxx/CVE-2009-3578.json index 8fedc04ae40..9e1a29d1514 100644 --- a/2009/3xxx/CVE-2009-3578.json +++ b/2009/3xxx/CVE-2009-3578.json 
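Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, the only value change among the complete hunks on this page; the others alter only whitespace and the order of `reference_data`. The field records which CNA assigned the ID, so changing it is a provenance change that downstream consumers may key on, and inside a bulk reformat it is easy to miss in review. If the change is intended, it would be better carried in its own commit, or at least called out in the commit message, which is not visible here. If it is a side effect of regeneration, the old value should be restored.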
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to \"Script Nodes.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091123 CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508013/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/content/maya-arbitrary-command-execution", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/maya-arbitrary-command-execution" - }, - { - "name" : "36636", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36636" - }, - { - "name" : "1023228", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023228" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to \"Script Nodes.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36636", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36636" + }, + { + "name": "http://www.coresecurity.com/content/maya-arbitrary-command-execution", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/maya-arbitrary-command-execution" + }, + { + "name": "1023228", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023228" + }, + { + "name": "20091123 CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508013/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3614.json b/2009/3xxx/CVE-2009-3614.json index 8691fca479e..b873c3f8131 100644 --- a/2009/3xxx/CVE-2009-3614.json +++ b/2009/3xxx/CVE-2009-3614.json 
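Review bot: The rewritten file ends without a trailing newline: the final `+}` is followed by `\ No newline at end of file`, while the removed `-}` had one. The same marker follows the closing brace in every other hunk visible here (CVE-2009-3614, -3959, -4375, -4542, CVE-2015-0178, -0295, -0469, -0950), so this looks like a property of the serializer rather than of one record; it should write a final `\n` after the closing `}`. The four `reference_data` entries in this hunk are also unchanged but emitted in a different order (BID `36636` moves from third to first). Sorting the array on a fixed key before writing would keep later diffs limited to real content changes, which matters to anyone who diffs or hashes these records to detect advisory updates.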
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-3614",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-3614",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/3xxx/CVE-2009-3959.json b/2009/3xxx/CVE-2009-3959.json
index 5bf67d2e0d2..7b0b1bf38ce 100644
--- a/2009/3xxx/CVE-2009-3959.json
+++ b/2009/3xxx/CVE-2009-3959.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100115 VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508949" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=554293", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=554293" - }, - { - "name" : "RHSA-2010:0060", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0060.html" - }, - { - "name" : "SUSE-SA:2010:008", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" - }, - { - "name" : "TA10-013A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" - }, - { - "name" : "37756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37756" - }, - { - "name" : "oval:org.mitre.oval:def:8539", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8539" - }, - { - "name" : "1023446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023446" - }, - { - "name" : "38138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38138" - }, - { - "name" : "38215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38215" - }, - { - "name" : "ADV-2010-0103", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0103" - }, - { - "name" : "acrobat-reader-u3dsupport-code-exec(55557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "acrobat-reader-u3dsupport-code-exec(55557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55557" + }, + { + "name": "38138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38138" + }, + { + "name": "20100115 VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508949" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" + }, + { + "name": "RHSA-2010:0060", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html" + }, + { + "name": "37756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37756" + }, + { + "name": "oval:org.mitre.oval:def:8539", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8539" + }, + { + "name": "ADV-2010-0103", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0103" + }, + { + "name": "1023446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023446" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=554293", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" + }, + { + "name": "38215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38215" + }, + { + "name": "SUSE-SA:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" + }, + { + "name": "TA10-013A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" + } + ] + } +} \ 
No newline at end of file diff --git a/2009/4xxx/CVE-2009-4375.json b/2009/4xxx/CVE-2009-4375.json index cc27a4b0061..b4205abfbe4 100644 --- a/2009/4xxx/CVE-2009-4375.json +++ b/2009/4xxx/CVE-2009-4375.json 
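Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `psirt@adobe.com` in this hunk, and that content change is buried in what is otherwise a spacing and ordering rewrite. The same field changes in CVE-2015-0178 (`psirt@us.ibm.com`), CVE-2015-0295 (`secalert@redhat.com`), CVE-2015-0469 (`secalert_us@oracle.com`) and CVE-2015-0950 (`cert@cert.org`), while other records in this diff keep `cve@mitre.org`. ASSIGNER is the record's provenance field, so anything that attributes, filters or trusts entries by assigning CNA will behave differently after this commit, and nothing in the hunk shows where the new values come from. Land the assigner reassignment as its own commit, or at least name it and its source in the commit message, so it can be audited separately from the formatting churn.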
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf" - }, - { - "name" : "http://www.alienvault.com/community.php?section=News", - "refsource" : "CONFIRM", - "url" : "http://www.alienvault.com/community.php?section=News" - }, - { - "name" : "61149", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61149" - }, - { - "name" : "37727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf" + }, + { + "name": "37727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37727" + }, + { + "name": "http://www.alienvault.com/community.php?section=News", + "refsource": "CONFIRM", + "url": "http://www.alienvault.com/community.php?section=News" + }, + { + "name": "61149", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61149" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4542.json b/2009/4xxx/CVE-2009-4542.json index ac26fac4a2f..de0b790bc4d 100644 --- a/2009/4xxx/CVE-2009-4542.json +++ b/2009/4xxx/CVE-2009-4542.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9397", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9397" - }, - { - "name" : "35997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35997" - }, - { - "name" : "supportcenter-newticket-xss(52351)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35997" + }, + { + "name": "9397", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9397" + }, + { + "name": "supportcenter-newticket-xss(52351)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52351" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0178.json b/2015/0xxx/CVE-2015-0178.json index 73ed0feab9f..5cc3e60ab99 100644 --- a/2015/0xxx/CVE-2015-0178.json +++ b/2015/0xxx/CVE-2015-0178.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696864", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696864", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696864" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0295.json b/2015/0xxx/CVE-2015-0295.json index e44c2a79e56..e1738ad4ca6 100644 --- a/2015/0xxx/CVE-2015-0295.json +++ b/2015/0xxx/CVE-2015-0295.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Announce] 20150227 Qt Security Advisory: DoS vulnerability in the BMP image handler", - "refsource" : "MLIST", - "url" : "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html" - }, - { - "name" : "FEDORA-2015-2866", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html" - }, - { - "name" : "FEDORA-2015-2869", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html" - }, - { - "name" : "FEDORA-2015-2886", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html" - }, - { - "name" 
: "FEDORA-2015-2895", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html" - }, - { - "name" : "FEDORA-2015-2897", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html" - }, - { - "name" : "FEDORA-2015-2901", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html" - }, - { - "name" : "openSUSE-SU-2015:0573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" - }, - { - "name" : "USN-2626-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2626-1" - }, - { - "name" : "73029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73029" + }, + { + "name": "[Announce] 20150227 Qt Security Advisory: DoS vulnerability in the BMP image handler", + "refsource": "MLIST", + "url": "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html" + }, + { + "name": "FEDORA-2015-2866", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html" + }, + { + "name": "FEDORA-2015-2901", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html" + }, + { + "name": "openSUSE-SU-2015:0573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" + }, + { + "name": "FEDORA-2015-2886", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html" + }, + { + "name": "FEDORA-2015-2895", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html" + }, + { + "name": "USN-2626-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2626-1" + }, + { + "name": "FEDORA-2015-2897", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html" + }, + { + "name": "FEDORA-2015-2869", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0469.json b/2015/0xxx/CVE-2015-0469.json index ab4bef45cb5..bf9784935dd 100644 --- a/2015/0xxx/CVE-2015-0469.json +++ b/2015/0xxx/CVE-2015-0469.json 
@@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0158.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0158.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" - }, - { - "name" : "DSA-3234", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3234" - }, - { - "name" : "DSA-3235", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3235" - }, - { - "name" : "DSA-3316", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3316" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "MDVSA-2015:212", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212" - }, - { - "name" : "RHSA-2015:0806", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0806.html" - }, - { - "name" : "RHSA-2015:0807", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0807.html" - }, - { - "name" : "RHSA-2015:0808", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0808.html" - }, - { - "name" : "RHSA-2015:0809", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0809.html" - }, - { - "name" : "RHSA-2015:1006", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1006.html" - }, - { - "name" : "RHSA-2015:1007", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1007.html" - }, - { - "name" : "RHSA-2015:1020", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1020.html" - }, - { - "name" : "RHSA-2015:1021", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1021.html" - }, - { - "name" : "RHSA-2015:1091", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1091.html" - }, - { - "name" : "RHSA-2015:0854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0854.html" - }, - { - "name" : "RHSA-2015:0857", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0857.html" - }, - { - "name" : "RHSA-2015:0858", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0858.html" - }, - { - "name" : "openSUSE-SU-2015:0773", - "refsource" : "SUSE", - "url" 
: "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" - }, - { - "name" : "openSUSE-SU-2015:0774", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:0833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" - }, - { - "name" : "SUSE-SU-2016:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:2166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:2168", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:2182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:2192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:2216", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:1085", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" - }, - { - "name" : "SUSE-SU-2015:1086", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1161", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" - }, - { - "name" : "USN-2573-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2573-1" - }, - { - "name" : "USN-2574-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2574-1" - }, - { - "name" : "74072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74072" - }, - { - "name" : "1032120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0857", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html" + }, + { + "name": "DSA-3235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3235" + }, + { + "name": "RHSA-2015:1007", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html" + }, + { + "name": "SUSE-SU-2015:2182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" + }, + { + "name": "74072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74072" + }, + { + "name": "RHSA-2015:0806", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0806.html" + }, + { + "name": "RHSA-2015:1006", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html" + }, + { + "name": "SUSE-SU-2015:2192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0158.html", + "refsource": "CONFIRM", + 
"url": "http://advisories.mageia.org/MGASA-2015-0158.html" + }, + { + "name": "SUSE-SU-2015:0833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" + }, + { + "name": "MDVSA-2015:212", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212" + }, + { + "name": "RHSA-2015:1091", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html" + }, + { + "name": "DSA-3316", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3316" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "SUSE-SU-2015:2166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" + }, + { + "name": "1032120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032120" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" + }, + { + "name": "openSUSE-SU-2015:0773", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" + }, + { + "name": "SUSE-SU-2015:1138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" + }, + { + "name": "DSA-3234", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3234" + }, + { + "name": "USN-2573-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2573-1" + }, + { + "name": "SUSE-SU-2015:2216", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" + }, + { + "name": "RHSA-2015:1020", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html" + }, + { + "name": "RHSA-2015:0807", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0807.html" + }, + { + "name": "SUSE-SU-2015:1086", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" + }, + { + "name": "SUSE-SU-2015:2168", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" + }, + { + "name": "SUSE-SU-2015:1085", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" + }, + { + "name": "RHSA-2015:0858", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0858.html" + }, + { + "name": "RHSA-2015:1021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html" + }, + { + "name": "RHSA-2015:0808", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0808.html" + }, + { + "name": "USN-2574-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2574-1" + }, + { + "name": "RHSA-2015:0809", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html" + }, + { + "name": "openSUSE-SU-2015:0774", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" + }, + { + "name": "SUSE-SU-2015:1161", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" + }, + { + "name": "RHSA-2015:0854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html" + }, + { + "name": "SUSE-SU-2016:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/0xxx/CVE-2015-0950.json b/2015/0xxx/CVE-2015-0950.json index 580387bca6e..9b49259009f 100644 --- a/2015/0xxx/CVE-2015-0950.json +++ b/2015/0xxx/CVE-2015-0950.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-0950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.x-cart.com/5-1-11-released.html", - "refsource" : "CONFIRM", - "url" : "https://blog.x-cart.com/5-1-11-released.html" - }, - { - "name" : "VU#924124", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/924124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.x-cart.com/5-1-11-released.html", + "refsource": "CONFIRM", + "url": "https://blog.x-cart.com/5-1-11-released.html" + }, + { + "name": "VU#924124", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/924124" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1116.json b/2015/1xxx/CVE-2015-1116.json index f51f757068d..2da9387636b 100644 --- a/2015/1xxx/CVE-2015-1116.json +++ b/2015/1xxx/CVE-2015-1116.json 
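Review bot: The only semantic change in this hunk, `"ASSIGNER": "cert@cert.org"` replacing `cve@mitre.org`, is buried in a full-file whitespace rewrite, so anyone auditing the record's provenance has to read all 67 lines to find it. The same pattern appears in the CVE-2015-1116, -1148, -1760, -4275, -4481 and -5108 hunks, several of which also reorder `reference_data` entries without changing their content. Landing the reformat and the ASSIGNER correction as separate commits would keep the history auditable. The new side also ends with `}` and no final newline (`\ No newline at end of file`), where the old file had one; writing a trailing newline after the closing `}` would avoid further churn in later diffs.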
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "73978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73978" - }, - { - "name" : "1032050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UIKit View component in 
Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032050" + }, + { + "name": "73978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73978" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1148.json b/2015/1xxx/CVE-2015-1148.json index 7e813432a75..f3c9df97e1f 100644 --- a/2015/1xxx/CVE-2015-1148.json +++ b/2015/1xxx/CVE-2015-1148.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "73982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73982" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Screen Sharing in Apple OS X before 10.10.3 stores the password of a 
user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "73982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73982" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1186.json b/2015/1xxx/CVE-2015-1186.json index bd5db66a278..366a097b74e 100644 --- a/2015/1xxx/CVE-2015-1186.json +++ b/2015/1xxx/CVE-2015-1186.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-1186",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-1186",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/1xxx/CVE-2015-1463.json b/2015/1xxx/CVE-2015-1463.json
index d031e56e372..72de1076e01 100644
--- a/2015/1xxx/CVE-2015-1463.json
+++ b/2015/1xxx/CVE-2015-1463.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an \"incorrect compiler optimization.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html" - }, - { - "name" : "FEDORA-2015-1437", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html" - }, - { - "name" : "FEDORA-2015-1461", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html" - }, - { - "name" : "GLSA-201512-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-08" - }, - { - "name" : "SUSE-SU-2015:0298", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html" - }, - { - "name" : "openSUSE-SU-2015:0285", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an \"incorrect compiler optimization.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201512-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-08" + }, + { + "name": "openSUSE-SU-2015:0285", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html" + }, + { + "name": "FEDORA-2015-1437", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html" + }, + { + "name": "http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html", + "refsource": "CONFIRM", + "url": "http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html" + }, + { + "name": "SUSE-SU-2015:0298", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html" + }, + { + "name": "FEDORA-2015-1461", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1525.json b/2015/1xxx/CVE-2015-1525.json index fcd20c17393..e3ef329d33f 100644 --- a/2015/1xxx/CVE-2015-1525.json +++ b/2015/1xxx/CVE-2015-1525.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-1525",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-1525",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/1xxx/CVE-2015-1760.json b/2015/1xxx/CVE-2015-1760.json
index 64da5f3dbb0..cf4e4e2e0b1 100644
--- a/2015/1xxx/CVE-2015-1760.json
+++ b/2015/1xxx/CVE-2015-1760.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059" - }, - { - "name" : "75015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75015" - }, - { - "name" : "1032523", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office 
document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032523", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032523" + }, + { + "name": "MS15-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059" + }, + { + "name": "75015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75015" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4275.json b/2015/4xxx/CVE-2015-4275.json index 0e401e1e0e3..3e2a138d085 100644 --- a/2015/4xxx/CVE-2015-4275.json +++ b/2015/4xxx/CVE-2015-4275.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150715 Cisco Packet Data Network Gateway GTPv2 Tunnel Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39934" - }, - { - "name" : "1032984", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug 
ID CSCut11534." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032984", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032984" + }, + { + "name": "20150715 Cisco Packet Data Network Gateway GTPv2 Tunnel Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39934" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4481.json b/2015/4xxx/CVE-2015-4481.json index d94e7797535..2f9f15c1156 100644 --- a/2015/4xxx/CVE-2015-4481.json +++ b/2015/4xxx/CVE-2015-4481.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37925", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37925/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-84.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-84.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1171518", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1171518" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "openSUSE-SU-2015:1389", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:1390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" - }, - { - "name" : "openSUSE-SU-2015:1453", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" - }, - { - "name" : "openSUSE-SU-2015:1454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" - }, - { - "name" : "1033372", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033372" - }, - { - "name" : "1033247", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1171518", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1171518" + }, + { + "name": "openSUSE-SU-2015:1454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" + }, + { + "name": "openSUSE-SU-2015:1389", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" + }, + { + "name": "openSUSE-SU-2015:1453", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-84.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-84.html" + }, + { + "name": "37925", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37925/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "1033247", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033247" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "1033372", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033372" + }, + { + "name": "openSUSE-SU-2015:1390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4606.json b/2015/4xxx/CVE-2015-4606.json index dcf07c49576..6b5edfc535f 100644 --- a/2015/4xxx/CVE-2015-4606.json 
+++ b/2015/4xxx/CVE-2015-4606.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension upload folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-013/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-013/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/jobfair", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/jobfair" - }, - { - "name" : "75238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension upload folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75238" + }, + { + "name": "http://typo3.org/extensions/repository/view/jobfair", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/jobfair" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-013/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-013/" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4619.json b/2015/4xxx/CVE-2015-4619.json index 1c0226312b9..8d9529e108e 100644 --- a/2015/4xxx/CVE-2015-4619.json +++ b/2015/4xxx/CVE-2015-4619.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150616 Re: Cross-Site Request Forgery in Spina CMS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/16/20" - }, - { - "name" : "https://github.com/denkGroot/Spina/commit/bfe44f289e336f80b6593032679300c493735e75", - "refsource" : "MISC", - "url" : "https://github.com/denkGroot/Spina/commit/bfe44f289e336f80b6593032679300c493735e75" - }, - { - "name" : "75216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75216" + }, + { + "name": "[oss-security] 20150616 Re: Cross-Site Request Forgery in Spina CMS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/16/20" + }, + { + "name": "https://github.com/denkGroot/Spina/commit/bfe44f289e336f80b6593032679300c493735e75", + "refsource": "MISC", + "url": "https://github.com/denkGroot/Spina/commit/bfe44f289e336f80b6593032679300c493735e75" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5108.json b/2015/5xxx/CVE-2015-5108.json index ce0fb859cd2..b19b2a10531 100644 --- a/2015/5xxx/CVE-2015-5108.json +++ b/2015/5xxx/CVE-2015-5108.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5109." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75741" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5097 and CVE-2015-5109." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75741" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5158.json b/2015/5xxx/CVE-2015-5158.json index 9d854d8c786..713434d805d 100644 --- a/2015/5xxx/CVE-2015-5158.json +++ b/2015/5xxx/CVE-2015-5158.json 
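Review bot: The `ASSIGNER` value for CVE-2015-5108 changes from `cve@mitre.org` to `psirt@adobe.com` in this hunk, while every other changed line differs only in the spacing before the colon or in the order of the `reference_data` entries, so the one semantic change is easy to miss in the formatting churn. The hunks for CVE-2015-5158 (`secalert@redhat.com`) and CVE-2015-5568 (`psirt@adobe.com`) do the same. Anything that attributes, filters or routes records by assigner will see these entries move, so the reassignment (presumably to the issuing CNA) should be named in the commit description if it is not already, or split from the whitespace pass, e.g. `Set ASSIGNER to the issuing CNA for CVE-2015-5108, CVE-2015-5158 and CVE-2015-5568`. The new side still carries `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names the Adobe products, so matching on the structured `affects` fields will not find this record.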
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20150722 [PATCH] scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)", - "refsource" : "MLIST", - "url" : "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html" - }, - { - "name" : "GLSA-201510-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-02" - }, - { - "name" : "76016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76016" - }, - { - "name" : "1033095", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76016" + }, + { + "name": "[Qemu-devel] 20150722 [PATCH] scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)", + "refsource": "MLIST", + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html" + }, + { + "name": "GLSA-201510-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-02" + }, + { + "name": "1033095", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033095" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5568.json b/2015/5xxx/CVE-2015-5568.json index 29697b4f77a..e7465dcad08 100644 --- a/2015/5xxx/CVE-2015-5568.json +++ b/2015/5xxx/CVE-2015-5568.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38348", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38348/" - }, - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=504", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=504" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : 
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76798" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "38348", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38348/" + }, + { + "name": "76798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76798" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=504", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=504" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5742.json b/2015/5xxx/CVE-2015-5742.json index fdc0cc93411..011acb60549 100644 --- a/2015/5xxx/CVE-2015-5742.json +++ b/2015/5xxx/CVE-2015-5742.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151008 Veeam Backup & Replication Local Privilege Escalation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536647/100/0/threaded" - }, - { - "name" : "20151008 Veeam Backup & Replication Local Privilege Escalation Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Oct/44" - }, - { - "name" : "http://packetstormsecurity.com/files/133906/Veeam-Backup-And-Replication-6-7-8-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133906/Veeam-Backup-And-Replication-6-7-8-Privilege-Escalation.html" - }, - { - "name" : 
"http://www.ush.it/2015/10/08/veeam-backup-replication-6-7-8-local-privilege-escalation-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.ush.it/2015/10/08/veeam-backup-replication-6-7-8-local-privilege-escalation-vulnerability/" - }, - { - "name" : "http://www.veeam.com/kb2068", - "refsource" : "CONFIRM", - "url" : "http://www.veeam.com/kb2068" - }, - { - "name" : "https://www.veeam.com/kb2180", - "refsource" : "CONFIRM", - "url" : "https://www.veeam.com/kb2180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133906/Veeam-Backup-And-Replication-6-7-8-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133906/Veeam-Backup-And-Replication-6-7-8-Privilege-Escalation.html" + }, + { + "name": "https://www.veeam.com/kb2180", + "refsource": "CONFIRM", + "url": "https://www.veeam.com/kb2180" + }, + { + "name": "20151008 Veeam Backup & Replication Local Privilege Escalation Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Oct/44" + }, + { + "name": "20151008 Veeam Backup & Replication Local Privilege Escalation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536647/100/0/threaded" + }, + { + "name": "http://www.veeam.com/kb2068", + "refsource": "CONFIRM", + "url": "http://www.veeam.com/kb2068" + }, + { + "name": 
"http://www.ush.it/2015/10/08/veeam-backup-replication-6-7-8-local-privilege-escalation-vulnerability/", + "refsource": "MISC", + "url": "http://www.ush.it/2015/10/08/veeam-backup-replication-6-7-8-local-privilege-escalation-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5956.json b/2015/5xxx/CVE-2015-5956.json index 7ed0d37dc47..61b81d8d0e3 100644 --- a/2015/5xxx/CVE-2015-5956.json +++ b/2015/5xxx/CVE-2015-5956.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150914 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536464/100/0/threaded" - }, - { - "name" : "20150915 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/57" - }, - { - "name" : "http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html" - }, - { - "name" : "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/", - "refsource" : "CONFIRM", - "url" : "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/" - }, - { - "name" : "1033551", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/", + "refsource": "CONFIRM", + "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/" + }, + { + "name": "20150915 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/57" + }, + { + "name": "1033551", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033551" + }, + { + "name": "http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html" + }, + { + "name": "20150914 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() 
Non-Persistent Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536464/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3116.json b/2018/3xxx/CVE-2018-3116.json index d9686b923f2..cb3b64fca09 100644 --- a/2018/3xxx/CVE-2018-3116.json +++ b/2018/3xxx/CVE-2018-3116.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3116", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3116", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3270.json b/2018/3xxx/CVE-2018-3270.json index 2fced7829db..dc7c67fc548 100644 --- a/2018/3xxx/CVE-2018-3270.json +++ b/2018/3xxx/CVE-2018-3270.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105605" - }, - { - "name" : "1041895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041895" + }, + { + "name": "105605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105605" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3449.json b/2018/3xxx/CVE-2018-3449.json index 3daefa2e410..68b9ade1739 100644 --- a/2018/3xxx/CVE-2018-3449.json +++ b/2018/3xxx/CVE-2018-3449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/3xxx/CVE-2018-3686.json b/2018/3xxx/CVE-2018-3686.json index 8cbb7e9ffc7..99aec184761 100644 --- a/2018/3xxx/CVE-2018-3686.json +++ b/2018/3xxx/CVE-2018-3686.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-09-11T00:00:00", - "ID" : "CVE-2018-3686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "INTEL-SA-00086 Detection Tool", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 1.2.7.0." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-09-11T00:00:00", + "ID": "CVE-2018-3686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "INTEL-SA-00086 Detection Tool", + "version": { + "version_data": [ + { + "version_value": "Versions before 1.2.7.0." 
+ } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3689.json b/2018/3xxx/CVE-2018-3689.json index 08ea589693e..9952f747b88 100644 --- a/2018/3xxx/CVE-2018-3689.json +++ b/2018/3xxx/CVE-2018-3689.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-03-16T00:00:00", - "ID" : "CVE-2018-3689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Guard Extensions Platform Software Component for Linux", - "version" : { - "version_data" : [ - { - "version_value" : "before 2.1.102" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-03-16T00:00:00", + "ID": "CVE-2018-3689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Guard Extensions Platform Software Component for Linux", + "version": { + "version_data": [ + { + "version_value": "before 2.1.102" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://01.org/security/advisories/intel-oss-10004", - "refsource" : "CONFIRM", - "url" : "https://01.org/security/advisories/intel-oss-10004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a 
local attacker creating a denial of services like remote attestation provided by the AESM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://01.org/security/advisories/intel-oss-10004", + "refsource": "CONFIRM", + "url": "https://01.org/security/advisories/intel-oss-10004" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3722.json b/2018/3xxx/CVE-2018-3722.json index 40759893c0c..6707488595d 100644 --- a/2018/3xxx/CVE-2018-3722.json +++ b/2018/3xxx/CVE-2018-3722.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "merge-deep node module", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 3.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Modification of Assumed-Immutable Data (MAID) (CWE-471)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "merge-deep node module", + "version": { + "version_data": [ + { + "version_value": "Versions before 3.0.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jonschlinkert/merge-deep/commit/2c33634da7129a5aefcc262d2fec2e72224404e5", - "refsource" : "MISC", - "url" : "https://github.com/jonschlinkert/merge-deep/commit/2c33634da7129a5aefcc262d2fec2e72224404e5" - }, - { - "name" : "https://hackerone.com/reports/310708", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/310708" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jonschlinkert/merge-deep/commit/2c33634da7129a5aefcc262d2fec2e72224404e5", + "refsource": "MISC", + "url": "https://github.com/jonschlinkert/merge-deep/commit/2c33634da7129a5aefcc262d2fec2e72224404e5" + }, + { + "name": "https://hackerone.com/reports/310708", + "refsource": "MISC", + "url": "https://hackerone.com/reports/310708" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6314.json b/2018/6xxx/CVE-2018-6314.json index 768b37428b4..86790627564 100644 --- a/2018/6xxx/CVE-2018-6314.json +++ b/2018/6xxx/CVE-2018-6314.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6314", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6314", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6319.json b/2018/6xxx/CVE-2018-6319.json index d8f2521a614..65033c9d5a2 100644 --- a/2018/6xxx/CVE-2018-6319.json +++ b/2018/6xxx/CVE-2018-6319.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://29wspy.ru/exploits/CVE-2018-6319.pdf", - "refsource" : "MISC", - "url" : "https://29wspy.ru/exploits/CVE-2018-6319.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. 
This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://29wspy.ru/exploits/CVE-2018-6319.pdf", + "refsource": "MISC", + "url": "https://29wspy.ru/exploits/CVE-2018-6319.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6607.json b/2018/6xxx/CVE-2018-6607.json index 76225f847da..c08f2ed81ac 100644 --- a/2018/6xxx/CVE-2018-6607.json +++ b/2018/6xxx/CVE-2018-6607.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6607", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6607", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6775.json b/2018/6xxx/CVE-2018-6775.json index fe7bb54eaad..ac80e459ec0 100644 --- a/2018/6xxx/CVE-2018-6775.json 
+++ b/2018/6xxx/CVE-2018-6775.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x990081C8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KrnlCall_990081C8", - "refsource" : "MISC", - "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KrnlCall_990081C8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x990081C8." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KrnlCall_990081C8", + "refsource": "MISC", + "url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KrnlCall_990081C8" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6937.json b/2018/6xxx/CVE-2018-6937.json index 1a789e57165..0ad00f80148 100644 --- a/2018/6xxx/CVE-2018-6937.json +++ b/2018/6xxx/CVE-2018-6937.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6961.json b/2018/6xxx/CVE-2018-6961.json index 0f60e0cb922..c6a61781816 100644 --- a/2018/6xxx/CVE-2018-6961.json +++ b/2018/6xxx/CVE-2018-6961.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-06-11T00:00:00", - "ID" : "CVE-2018-6961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NSX SD-WAN by VeloCloud", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 3.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-06-11T00:00:00", + "ID": "CVE-2018-6961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NSX SD-WAN by VeloCloud", + "version": { + "version_data": [ + { + "version_value": "prior to version 3.1.0" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44959", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44959/" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2018-0011.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2018-0011.html" - }, - { - "name" : "104185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104185" - }, - { - "name" : "1041210", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104185" + }, + { + "name": "44959", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44959/" + }, + { + "name": "1041210", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041210" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2018-0011.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2018-0011.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7015.json b/2018/7xxx/CVE-2018-7015.json index 440061a544d..803bc33fcb0 100644 --- a/2018/7xxx/CVE-2018-7015.json +++ b/2018/7xxx/CVE-2018-7015.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7015", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7015", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7149.json b/2018/7xxx/CVE-2018-7149.json index 7c55c3eb0fa..fd9085e3a20 100644 --- a/2018/7xxx/CVE-2018-7149.json 
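Review bot: The CVE-2018-7015.json hunk is the only record in this diff whose keys are reordered rather than just re-spaced: the new side starts with `"data_type": "CVE"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"`, while every other file keeps `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. That suggests this file went through a different serializer than the rest of the batch. Key order carries no meaning in JSON, but mixed orderings make later diffs noisy and break any byte-level comparison or hashing of records. I would re-emit it with the same sorted-key output as its neighbours, i.e. `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",` and `"ID": "CVE-2018-7015",`. Separately, every new-side file here ends with `\ No newline at end of file`, where the old side had a trailing newline; restoring it would keep the files friendly to line-oriented tools.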
+++ b/2018/7xxx/CVE-2018-7149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7149", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7149", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7447.json b/2018/7xxx/CVE-2018-7447.json index 33da29d6c75..162be09bc00 100644 --- a/2018/7xxx/CVE-2018-7447.json +++ b/2018/7xxx/CVE-2018-7447.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/i7MEDIA/mojoportal/issues/82", - "refsource" : "MISC", - "url" : "https://github.com/i7MEDIA/mojoportal/issues/82" - }, - { - "name" : "103263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103263" + }, + { + "name": "https://github.com/i7MEDIA/mojoportal/issues/82", + "refsource": "MISC", + "url": "https://github.com/i7MEDIA/mojoportal/issues/82" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7455.json b/2018/7xxx/CVE-2018-7455.json index e2c0f0ef073..26be453bfb3 100644 --- a/2018/7xxx/CVE-2018-7455.json +++ b/2018/7xxx/CVE-2018-7455.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819", - "refsource" : "MISC", - "url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819", + "refsource": "MISC", + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8833.json b/2018/8xxx/CVE-2018-8833.json index 0c9887df521..517c0d3d026 100644 --- a/2018/8xxx/CVE-2018-8833.json +++ b/2018/8xxx/CVE-2018-8833.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-04-25T00:00:00", - "ID" : "CVE-2018-8833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess HMI Designer", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech WebAccess HMI Designer, Version 2.1.7.32 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "HEAP-BASED BUFFER OVERFLOW CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-04-25T00:00:00", + "ID": "CVE-2018-8833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess HMI Designer", + "version": { + "version_data": [ + { + "version_value": "Advantech WebAccess HMI Designer, Version 2.1.7.32 and prior." 
+ } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03" - }, - { - "name" : "103972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103972" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03" + } + ] + } +} \ No newline at end of file