From 7cc948d096cbb1934bc96fc2dc7509f71dc6b180 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:41:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0718.json | 140 ++++++------ 1999/0xxx/CVE-1999-0769.json | 120 +++++----- 1999/1xxx/CVE-1999-1070.json | 120 +++++----- 1999/1xxx/CVE-1999-1148.json | 140 ++++++------ 1999/1xxx/CVE-1999-1177.json | 140 ++++++------ 1999/1xxx/CVE-1999-1249.json | 140 ++++++------ 2000/0xxx/CVE-2000-0261.json | 150 ++++++------- 2000/0xxx/CVE-2000-0343.json | 130 +++++------ 2000/0xxx/CVE-2000-0347.json | 130 +++++------ 2000/0xxx/CVE-2000-0448.json | 140 ++++++------ 2000/0xxx/CVE-2000-0527.json | 130 +++++------ 2000/0xxx/CVE-2000-0581.json | 130 +++++------ 2000/0xxx/CVE-2000-0860.json | 170 +++++++------- 2000/1xxx/CVE-2000-1074.json | 150 ++++++------- 2000/1xxx/CVE-2000-1142.json | 150 ++++++------- 2005/2xxx/CVE-2005-2036.json | 140 ++++++------ 2005/2xxx/CVE-2005-2246.json | 170 +++++++------- 2005/2xxx/CVE-2005-2874.json | 180 +++++++-------- 2005/2xxx/CVE-2005-2943.json | 230 +++++++++---------- 2005/2xxx/CVE-2005-2983.json | 140 ++++++------ 2005/3xxx/CVE-2005-3101.json | 140 ++++++------ 2005/3xxx/CVE-2005-3427.json | 200 ++++++++--------- 2005/3xxx/CVE-2005-3448.json | 160 ++++++------- 2005/3xxx/CVE-2005-3513.json | 130 +++++------ 2005/3xxx/CVE-2005-3946.json | 150 ++++++------- 2009/2xxx/CVE-2009-2062.json | 150 ++++++------- 2009/2xxx/CVE-2009-2228.json | 140 ++++++------ 2009/2xxx/CVE-2009-2462.json | 420 +++++++++++++++++------------------ 2009/2xxx/CVE-2009-2656.json | 140 ++++++------ 2009/2xxx/CVE-2009-2794.json | 160 ++++++------- 2009/2xxx/CVE-2009-2796.json | 160 ++++++------- 2009/2xxx/CVE-2009-2909.json | 230 +++++++++---------- 2009/3xxx/CVE-2009-3035.json | 180 +++++++-------- 2009/3xxx/CVE-2009-3101.json | 130 +++++------ 2009/3xxx/CVE-2009-3139.json | 34 +-- 2009/3xxx/CVE-2009-3165.json | 150 ++++++------- 2009/3xxx/CVE-2009-3618.json | 210 +++++++++--------- 2015/0xxx/CVE-2015-0445.json | 120 +++++----- 2015/0xxx/CVE-2015-0492.json | 200 ++++++++--------- 2015/0xxx/CVE-2015-0775.json | 140 ++++++------ 2015/0xxx/CVE-2015-0838.json | 130 +++++------ 2015/1xxx/CVE-2015-1049.json | 120 +++++----- 2015/4xxx/CVE-2015-4084.json | 150 ++++++------- 2015/4xxx/CVE-2015-4181.json | 120 +++++----- 2015/4xxx/CVE-2015-4540.json | 130 +++++------ 2015/4xxx/CVE-2015-4654.json | 130 +++++------ 2015/8xxx/CVE-2015-8306.json | 120 +++++----- 2015/8xxx/CVE-2015-8729.json | 190 ++++++++-------- 2015/8xxx/CVE-2015-8964.json | 150 ++++++------- 2016/5xxx/CVE-2016-5772.json | 250 ++++++++++----------- 2018/2xxx/CVE-2018-2186.json | 34 +-- 2018/2xxx/CVE-2018-2726.json | 142 ++++++------ 2018/2xxx/CVE-2018-2969.json | 132 +++++------ 2018/3xxx/CVE-2018-3243.json | 174 +++++++-------- 2018/6xxx/CVE-2018-6081.json | 162 +++++++------- 2018/6xxx/CVE-2018-6436.json | 120 +++++----- 2018/6xxx/CVE-2018-6697.json | 34 +-- 2018/7xxx/CVE-2018-7262.json | 170 +++++++------- 2018/7xxx/CVE-2018-7283.json | 34 +-- 2018/7xxx/CVE-2018-7330.json | 150 ++++++------- 2018/7xxx/CVE-2018-7505.json | 132 +++++------ 2018/7xxx/CVE-2018-7670.json | 34 +-- 2019/5xxx/CVE-2019-5221.json | 34 +-- 2019/5xxx/CVE-2019-5497.json | 34 +-- 2019/5xxx/CVE-2019-5798.json | 34 +-- 65 files changed, 4597 insertions(+), 4597 deletions(-) diff --git a/1999/0xxx/CVE-1999-0718.json b/1999/0xxx/CVE-1999-0718.json index d2e6f9b2ca0..b74f1e4abb3 100644 --- a/1999/0xxx/CVE-1999-0718.json +++ b/1999/0xxx/CVE-1999-0718.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990823 IBM Gina security warning", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534" - }, - { - "name" : "608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/608" - }, - { - "name" : "ibm-gina-group-add(3166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-gina-group-add(3166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3166" + }, + { + "name": "19990823 IBM Gina security warning", + "refsource": "NTBUGTRAQ", + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534" + }, + { + "name": "608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/608" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0769.json b/1999/0xxx/CVE-1999-0769.json index d9f4fe6fdfb..8e05521d17b 100644 --- a/1999/0xxx/CVE-1999-0769.json +++ b/1999/0xxx/CVE-1999-0769.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/611" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1070.json b/1999/1xxx/CVE-1999-1070.json index 3f993f97cd4..d40dcd0119e 100644 --- a/1999/1xxx/CVE-1999-1070.json +++ b/1999/1xxx/CVE-1999-1070.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980725 Annex DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/10021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980725 Annex DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/10021" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1148.json b/1999/1xxx/CVE-1999-1148.json index 777e449eb00..023072a37b1 100644 --- a/1999/1xxx/CVE-1999-1148.json +++ b/1999/1xxx/CVE-1999-1148.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS98-006", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-006" - }, - { - "name" : "Q189262", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP" - }, - { - "name" : "iis-passive-ftp(1215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q189262", + "refsource": "MSKB", + "url": "http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP" + }, + { + "name": "MS98-006", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-006" + }, + { + "name": "iis-passive-ftp(1215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1215" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1177.json b/1999/1xxx/CVE-1999-1177.json index 1a07717da04..119f6e0509a 100644 --- a/1999/1xxx/CVE-1999-1177.json +++ b/1999/1xxx/CVE-1999-1177.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.w3.org/Security/Faq/wwwsf4.html", - "refsource" : "MISC", - "url" : "http://www.w3.org/Security/Faq/wwwsf4.html" - }, - { - "name" : "http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish", - "refsource" : "CONFIRM", - "url" : "http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish" - }, - { - "name" : "http-cgi-nphpublish(2055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http-cgi-nphpublish(2055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2055" + }, + { + "name": "http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish", + "refsource": "CONFIRM", + "url": "http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish" + }, + { + "name": "http://www.w3.org/Security/Faq/wwwsf4.html", + "refsource": "MISC", + "url": "http://www.w3.org/Security/Faq/wwwsf4.html" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1249.json b/1999/1xxx/CVE-1999-1249.json index 9714db97d2c..672cda0b97f 100644 --- a/1999/1xxx/CVE-1999-1249.json +++ b/1999/1xxx/CVE-1999-1249.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX9701-047", - "refsource" : "HP", - "url" : "http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html" - }, - { - "name" : "hp-movemail(2057)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2057" - }, - { - "name" : "8099", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8099", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8099" + }, + { + "name": "HPSBUX9701-047", + "refsource": "HP", + "url": "http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html" + }, + { + "name": "hp-movemail(2057)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2057" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0261.json b/2000/0xxx/CVE-2000-0261.json index 41b71df462b..7768e0f520b 100644 --- a/2000/0xxx/CVE-2000-0261.json +++ b/2000/0xxx/CVE-2000-0261.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000415 (no subject)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html" - }, - { - "name" : "20000418 AVM's Statement", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com" - }, - { - "name" : "1103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1103" - }, - { - "name" : "1282", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1282", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1282" + }, + { + "name": "1103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1103" + }, + { + "name": "20000418 AVM's Statement", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com" + }, + { + "name": "20000415 (no subject)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0343.json b/2000/0xxx/CVE-2000-0343.json index bbb97133fb5..0cde9cbea8b 100644 --- a/2000/0xxx/CVE-2000-0343.json +++ b/2000/0xxx/CVE-2000-0343.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000502 spj-003-000 - S0ftPj Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005021736.TAA01991@ALuSSi" - }, - { - "name" : "1158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1158" + }, + { + "name": "20000502 spj-003-000 - S0ftPj Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005021736.TAA01991@ALuSSi" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0347.json b/2000/0xxx/CVE-2000-0347.json index e5b28d84dfe..9f285454fc4 100644 --- a/2000/0xxx/CVE-2000-0347.json +++ b/2000/0xxx/CVE-2000-0347.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=95737580922397&w=2" - }, - { - "name" : "1163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=95737580922397&w=2" + }, + { + "name": "1163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1163" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0448.json b/2000/0xxx/CVE-2000-0448.json index df2acc46715..7691a8df893 100644 --- a/2000/0xxx/CVE-2000-0448.json +++ b/2000/0xxx/CVE-2000-0448.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net" - }, - { - "name" : "1253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1253" - }, - { - "name" : "326", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net" + }, + { + "name": "1253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1253" + }, + { + "name": "326", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/326" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0527.json b/2000/0xxx/CVE-2000-0527.json index 3b2d9362860..2d144a58d5d 100644 --- a/2000/0xxx/CVE-2000-0527.json +++ b/2000/0xxx/CVE-2000-0527.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html" - }, - { - "name" : "1335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html" + }, + { + "name": "1335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1335" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0581.json b/2000/0xxx/CVE-2000-0581.json index f9d57ccce09..bf48cd7f5f0 100644 --- a/2000/0xxx/CVE-2000-0581.json +++ b/2000/0xxx/CVE-2000-0581.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000630 SecureXpert Advisory [SX-20000620-1]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com" - }, - { - "name" : "1414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000630 SecureXpert Advisory [SX-20000620-1]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com" + }, + { + "name": "1414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1414" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0860.json b/2000/0xxx/CVE-2000-0860.json index 319e2075daf..adbb2d0bb9c 100644 --- a/2000/0xxx/CVE-2000-0860.json +++ b/2000/0xxx/CVE-2000-0860.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html" - }, - { - "name" : "20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html" - }, - { - "name" : "http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u" - }, - { - "name" : "MDKSA-2000:048", - "refsource" : "MANDRAKE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html" - }, - { - "name" : "1649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1649" - }, - { - "name" : "php-file-upload(5190)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "php-file-upload(5190)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5190" + }, + { + "name": "20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html" + }, + { + "name": "1649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1649" + }, + { + "name": "http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u", + "refsource": "CONFIRM", + "url": "http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u" + }, + { + "name": "20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html" + }, + { + "name": "MDKSA-2000:048", + "refsource": "MANDRAKE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1074.json b/2000/1xxx/CVE-2000-1074.json index cb4eb7f0ffa..64ed0cf4191 100644 --- a/2000/1xxx/CVE-2000-1074.json +++ b/2000/1xxx/CVE-2000-1074.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A100900-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2000/a100900-1.txt" - }, - { - "name" : "1769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1769" - }, - { - "name" : "ical-csstart-gain-access(5757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5757" - }, - { - "name" : "7209", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7209", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7209" + }, + { + "name": "ical-csstart-gain-access(5757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5757" + }, + { + "name": "1769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1769" + }, + { + "name": "A100900-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2000/a100900-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1142.json b/2000/1xxx/CVE-2000-1142.json index 4a9112c47d0..510f5d87d86 100644 --- a/2000/1xxx/CVE-2000-1142.json +++ b/2000/1xxx/CVE-2000-1142.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html" - }, - { - "name" : "20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html" - }, - { - "name" : "20001105 Mantrap Advisory Vendor Followup - Fate Research Labs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97349791405580&w=2" - }, - { - "name" : "mantrap-pwd-reveal-information(5949)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001105 Mantrap Advisory Vendor Followup - Fate Research Labs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97349791405580&w=2" + }, + { + "name": "mantrap-pwd-reveal-information(5949)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5949" + }, + { + "name": "20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html" + }, + { + "name": "20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2036.json b/2005/2xxx/CVE-2005-2036.json index e26699064e0..0bacbbe5aeb 100644 --- a/2005/2xxx/CVE-2005-2036.json +++ b/2005/2xxx/CVE-2005-2036.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050616 CoolCafe Chat SQL injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Jun/0205.html" - }, - { - "name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-009-coolcafe.txt", - "refsource" : "MISC", - "url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-009-coolcafe.txt" - }, - { - "name" : "17350", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modifyUser.asp in Cool Cafe (Cool Caf\u00e9) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17350", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17350" + }, + { + "name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-009-coolcafe.txt", + "refsource": "MISC", + "url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-009-coolcafe.txt" + }, + { + "name": "20050616 CoolCafe Chat SQL injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Jun/0205.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2246.json b/2005/2xxx/CVE-2005-2246.json index f94bcc34c1c..4ca015ea63c 100644 --- a/2005/2xxx/CVE-2005-2246.json +++ b/2005/2xxx/CVE-2005-2246.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3596", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3596" - }, - { - "name" : "20070329 iPhotoAlbum v1.1(header.php)Remote File Include Vulnerability", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-March/001474.html" - }, - { - "name" : "14229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14229" - }, - { - "name" : "23189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23189" - }, - { - "name" : "1014448", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014448" - }, - { - "name" : "16031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14229" + }, + { + "name": "3596", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3596" + }, + { + "name": "1014448", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014448" + }, + { + "name": "20070329 iPhotoAlbum v1.1(header.php)Remote File Include Vulnerability", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-March/001474.html" + }, + { + "name": "16031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16031" + }, + { + "name": "23189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23189" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2874.json b/2005/2xxx/CVE-2005-2874.json index 5117e031b75..af136b1163c 100644 --- a/2005/2xxx/CVE-2005-2874.json +++ b/2005/2xxx/CVE-2005-2874.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a \"..\\..\" URL in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042" - }, - { - "name" : "http://www.cups.org/relnotes.php#010123", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/relnotes.php#010123" - }, - { - "name" : "FEDORA-2005-908", - "refsource" : "FEDORA", - "url" : "http://lwn.net/Alerts/152835/" - }, - { - "name" : "RHSA-2005:772", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-772.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072" - }, - { - "name" : "oval:org.mitre.oval:def:9774", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9774" - }, - { - "name" : "1012811", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a \"..\\..\" URL in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2005-908", + "refsource": "FEDORA", + "url": "http://lwn.net/Alerts/152835/" + }, + { + "name": "http://www.cups.org/relnotes.php#010123", + "refsource": "CONFIRM", + "url": "http://www.cups.org/relnotes.php#010123" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072" + }, + { + "name": "1012811", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012811" + }, + { + "name": "RHSA-2005:772", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-772.html" + }, + { + "name": "oval:org.mitre.oval:def:9774", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9774" + }, + { + "name": "http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042", + "refsource": "CONFIRM", + "url": "http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2943.json b/2005/2xxx/CVE-2005-2943.json index 0553b395fcc..ff36d679c7f 100644 --- a/2005/2xxx/CVE-2005-2943.json +++ b/2005/2xxx/CVE-2005-2943.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051013 Multiple Vendor XMail 'sendmail' Recipient Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=321&type=vulnerabilities" - }, - { - "name" : "http://www.xmailserver.org/ChangeLog.html#oct_12__2005_v_1_22", - "refsource" : "CONFIRM", - "url" : "http://www.xmailserver.org/ChangeLog.html#oct_12__2005_v_1_22" - }, - { - "name" : "DSA-902", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-902" - }, - { - "name" : "GLSA-200512-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-05.xml" - }, - { - "name" : "15103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15103" - }, - { - "name" : "20010", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20010" - }, - { - "name" : "1015055", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015055" - }, - { - "name" : "17637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17637" - }, - { - "name" : "18052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18052" - }, - { - "name" : "17194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17194" - }, - { - "name" : "81", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/81" - }, - { - "name" : "xmail-addressfromatptr-bo(22724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-902", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-902" + }, + { + "name": "20051013 Multiple Vendor XMail 'sendmail' Recipient Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=321&type=vulnerabilities" + }, + { + "name": "15103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15103" + }, + { + "name": "xmail-addressfromatptr-bo(22724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22724" + }, + { + "name": "GLSA-200512-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-05.xml" + }, + { + "name": "18052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18052" + }, + { + "name": "http://www.xmailserver.org/ChangeLog.html#oct_12__2005_v_1_22", + "refsource": "CONFIRM", + "url": "http://www.xmailserver.org/ChangeLog.html#oct_12__2005_v_1_22" + }, + { + "name": "81", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/81" + }, + { + "name": "20010", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20010" + }, + { + "name": "1015055", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015055" + }, + { + "name": "17637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17637" + }, + { + "name": "17194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17194" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2983.json b/2005/2xxx/CVE-2005-2983.json index f7f42d04ebf..16ac3cfe29b 100644 --- a/2005/2xxx/CVE-2005-2983.json +++ b/2005/2xxx/CVE-2005-2983.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112681849113948&w=2" - }, - { - "name" : "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037156.html" - }, - { - "name" : "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037156.html" + }, + { + "name": "20050914 Oracle Reports: Generic SQL Injection Vulnerability via Lexical References", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112681849113948&w=2" + }, + { + "name": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf", + "refsource": "MISC", + "url": "http://www.red-database-security.com/wp/sql_injection_reports_us.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3101.json b/2005/3xxx/CVE-2005-3101.json index c96844c2092..944a5d3063a 100644 --- a/2005/3xxx/CVE-2005-3101.json +++ b/2005/3xxx/CVE-2005-3101.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051103 Buggy blogging", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html" - }, - { - "name" : "14911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14911" - }, - { - "name" : "16899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14911" + }, + { + "name": "20051103 Buggy blogging", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html" + }, + { + "name": "16899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16899" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3427.json b/2005/3xxx/CVE-2005-3427.json index bff40802cc8..08671546165 100644 --- a/2005/3xxx/CVE-2005-3427.json +++ b/2005/3xxx/CVE-2005-3427.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes it easier for attackers to escape detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051101 Cisco IPS MC Malformed Configuration Download Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20051101-ipsmc.shtml" - }, - { - "name" : "VU#154883", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/154883" - }, - { - "name" : "15269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15269" - }, - { - "name" : "ADV-2005-2266", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2266" - }, - { - "name" : "20444", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20444" - }, - { - "name" : "1015133", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015133" - }, - { - "name" : "17397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17397" - }, - { - "name" : "137", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/137" - }, - { - "name" : "cisco-ios-ips-bypass-security(22926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes it easier for attackers to escape detection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-ios-ips-bypass-security(22926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22926" + }, + { + "name": "ADV-2005-2266", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2266" + }, + { + "name": "20444", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20444" + }, + { + "name": "15269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15269" + }, + { + "name": "VU#154883", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/154883" + }, + { + "name": "1015133", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015133" + }, + { + "name": "20051101 Cisco IPS MC Malformed Configuration Download Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051101-ipsmc.shtml" + }, + { + "name": "137", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/137" + }, + { + "name": "17397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17397" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3448.json b/2005/3xxx/CVE-2005-3448.json index 18466f48e69..659cea2a27c 100644 --- a/2005/3xxx/CVE-2005-3448.json +++ b/2005/3xxx/CVE-2005-3448.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3513.json b/2005/3xxx/CVE-2005-3513.json index 5c3412e0687..e89468dee79 100644 --- a/2005/3xxx/CVE-2005-3513.json +++ b/2005/3xxx/CVE-2005-3513.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote (')." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051101 VUBB XSS & path disclosure Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113087965608496&w=2" - }, - { - "name" : "http://irannetjob.com/content/view/152/28/", - "refsource" : "MISC", - "url" : "http://irannetjob.com/content/view/152/28/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote (')." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051101 VUBB XSS & path disclosure Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113087965608496&w=2" + }, + { + "name": "http://irannetjob.com/content/view/152/28/", + "refsource": "MISC", + "url": "http://irannetjob.com/content/view/152/28/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3946.json b/2005/3xxx/CVE-2005-3946.json index 158e11d75cf..94c120da6a8 100644 --- a/2005/3xxx/CVE-2005-3946.json +++ b/2005/3xxx/CVE-2005-3946.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051129 Opera 8.50 DoS with simple java applet", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418201/100/0/threaded" - }, - { - "name" : "20051201 Re: Opera 8.50 DoS with simple java applet", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418274/100/0/threaded" - }, - { - "name" : "http://www.illegalaccess.org/exploit/opera85/OperaApplet.html", - "refsource" : "MISC", - "url" : "http://www.illegalaccess.org/exploit/opera85/OperaApplet.html" - }, - { - "name" : "15648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.illegalaccess.org/exploit/opera85/OperaApplet.html", + "refsource": "MISC", + "url": "http://www.illegalaccess.org/exploit/opera85/OperaApplet.html" + }, + { + "name": "15648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15648" + }, + { + "name": "20051129 Opera 8.50 DoS with simple java applet", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418201/100/0/threaded" + }, + { + "name": "20051201 Re: Opera 8.50 DoS with simple java applet", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418274/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2062.json b/2009/2xxx/CVE-2009-2062.json index eccf20394e1..fca1715de1e 100644 --- a/2009/2xxx/CVE-2009-2062.json +++ b/2009/2xxx/CVE-2009-2062.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" - }, - { - "name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" - }, - { - "name" : "35412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35412" - }, - { - "name" : "safari-httpconnect-code-execution(51202)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "safari-httpconnect-code-execution(51202)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51202" + }, + { + "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", + "refsource": "MISC", + "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" + }, + { + "name": "35412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35412" + }, + { + "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", + "refsource": "MISC", + "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2228.json b/2009/2xxx/CVE-2009-2228.json index f9014da7643..aa79ec96a3b 100644 --- a/2009/2xxx/CVE-2009-2228.json +++ b/2009/2xxx/CVE-2009-2228.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8997", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8997" - }, - { - "name" : "35457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35457" - }, - { - "name" : "ADV-2009-1652", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35457" + }, + { + "name": "8997", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8997" + }, + { + "name": "ADV-2009-1652", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1652" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2462.json b/2009/2xxx/CVE-2009-2462.json index a2697116bff..2e710a3e07e 100644 --- a/2009/2xxx/CVE-2009-2462.json +++ b/2009/2xxx/CVE-2009-2462.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=413085", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=413085" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=442227", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=442227" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=445177", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=445177" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=461861", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=461861" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=463350", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=463350" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=466763", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=466763" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=468211", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=468211" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472668", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472668" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472950", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472950" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=491134", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=491134" - }, - { - "name" : "FEDORA-2009-7961", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html" - }, - { - "name" : "RHSA-2009:1162", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-1162.html" - }, - { - "name" : "RHSA-2009:1163", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-1163.html" - }, - { - "name" : "RHSA-2010:0153", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html" - }, - { - "name" : "RHSA-2010:0154", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html" - }, - { - "name" : "265068", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1" - }, - { - "name" : "1020800", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1" - }, - { - "name" : "SUSE-SA:2009:042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:039", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html" - }, - { - "name" : "35758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35758" - }, - { - "name" : "oval:org.mitre.oval:def:10906", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10906" - }, - { - "name" : "35914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35914" - }, - { - "name" : "35943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35943" - }, - { - "name" : "35944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35944" - }, - { - "name" : "35947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35947" - }, - { - "name" : "36145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36145" - }, - { - "name" : "36005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36005" - }, - { - "name" : "ADV-2009-1972", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1972" - }, - { - "name" : "ADV-2009-2152", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2152" - }, - { - "name" : "ADV-2010-0650", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "265068", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1" + }, + { + "name": "1020800", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1" + }, + { + "name": "RHSA-2010:0153", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=463350", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=463350" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=468211", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=468211" + }, + { + "name": "FEDORA-2009-7961", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html" + }, + { + "name": "36145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36145" + }, + { + "name": "35944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35944" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=461861", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=461861" + }, + { + "name": "ADV-2010-0650", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0650" + }, + { + "name": "35943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35943" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=442227", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=442227" + }, + { + "name": "SUSE-SA:2009:039", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html" + }, + { + "name": "RHSA-2009:1162", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-1162.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html" + }, + { + "name": "RHSA-2010:0154", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html" + }, + { + "name": "oval:org.mitre.oval:def:10906", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10906" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=466763", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=466763" + }, + { + "name": "35758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35758" + }, + { + "name": "ADV-2009-2152", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2152" + }, + { + "name": "36005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36005" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=445177", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=445177" + }, + { + "name": "RHSA-2009:1163", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-1163.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=472668", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472668" + }, + { + "name": "35947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35947" + }, + { + "name": "SUSE-SA:2009:042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=472950", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472950" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=491134", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=491134" + }, + { + "name": "35914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35914" + }, + { + "name": "ADV-2009-1972", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1972" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=413085", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=413085" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2656.json b/2009/2xxx/CVE-2009-2656.json index 9620a0aa87f..b06ce053ee5 100644 --- a/2009/2xxx/CVE-2009-2656.json +++ b/2009/2xxx/CVE-2009-2656.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf" - }, - { - "name" : "35886", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35886" - }, - { - "name" : "56750", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf", + "refsource": "MISC", + "url": "http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf" + }, + { + "name": "35886", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35886" + }, + { + "name": "56750", + "refsource": "OSVDB", + "url": "http://osvdb.org/56750" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2794.json b/2009/2xxx/CVE-2009-2794.json index da22baf7c93..b9442d45c1b 100644 --- a/2009/2xxx/CVE-2009-2794.json +++ b/2009/2xxx/CVE-2009-2794.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the \"Maximum inactivity time lock\" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3860", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3860" - }, - { - "name" : "APPLE-SA-2009-09-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html" - }, - { - "name" : "36342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36342" - }, - { - "name" : "36677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36677" - }, - { - "name" : "ipod-iphone-exchange-security-bypass(53181)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the \"Maximum inactivity time lock\" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ipod-iphone-exchange-security-bypass(53181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53181" + }, + { + "name": "36342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36342" + }, + { + "name": "APPLE-SA-2009-09-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html" + }, + { + "name": "36677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36677" + }, + { + "name": "http://support.apple.com/kb/HT3860", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3860" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2796.json b/2009/2xxx/CVE-2009-2796.json index 2dc6f12f6d9..3cff697c6f1 100644 --- a/2009/2xxx/CVE-2009-2796.json +++ b/2009/2xxx/CVE-2009-2796.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3860", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3860" - }, - { - "name" : "APPLE-SA-2009-09-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html" - }, - { - "name" : "36335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36335" - }, - { - "name" : "36677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36677" - }, - { - "name" : "ipod-iphone-password-info-disclosure(53185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ipod-iphone-password-info-disclosure(53185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53185" + }, + { + "name": "36335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36335" + }, + { + "name": "APPLE-SA-2009-09-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html" + }, + { + "name": "36677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36677" + }, + { + "name": "http://support.apple.com/kb/HT3860", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3860" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2909.json b/2009/2xxx/CVE-2009-2909.json index 225344e6995..52bd9c18099 100644 --- a/2009/2xxx/CVE-2009-2909.json +++ b/2009/2xxx/CVE-2009-2909.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20091002 [071/136] net ax25: Fix signed comparison in the sockopt handler", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.linux.kernel/896907" - }, - { - "name" : "[oss-security] 20091007 More kernel CVE info (CVE-2009-2909)", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125494119617994&w=2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=b7058842c940ad2c08dd829b21e5c92ebe3b8758", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=b7058842c940ad2c08dd829b21e5c92ebe3b8758" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=528887", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=528887" - }, - { - "name" : "FEDORA-2009-10525", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html" - }, - { - "name" : "SUSE-SA:2009:054", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html" - }, - { - "name" : "SUSE-SA:2009:056", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html" - }, - { - "name" : "USN-864-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-864-1" - }, - { - "name" : "36635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36635" - }, - { - "name" : "37075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37075" - }, - { - "name" : "37351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=528887", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=528887" + }, + { + "name": "USN-864-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-864-1" + }, + { + "name": "37351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37351" + }, + { + "name": "37075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37075" + }, + { + "name": "[oss-security] 20091007 More kernel CVE info (CVE-2009-2909)", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125494119617994&w=2" + }, + { + "name": "SUSE-SA:2009:056", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html" + }, + { + "name": "[linux-kernel] 20091002 [071/136] net ax25: Fix signed comparison in the sockopt handler", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.linux.kernel/896907" + }, + { + "name": "36635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36635" + }, + { + "name": "FEDORA-2009-10525", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00483.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=b7058842c940ad2c08dd829b21e5c92ebe3b8758", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=b7058842c940ad2c08dd829b21e5c92ebe3b8758" + }, + { + "name": "SUSE-SA:2009:054", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3035.json b/2009/3xxx/CVE-2009-3035.json index 8f82bc8fd30..cce109a7200 100644 --- a/2009/3xxx/CVE-2009-3035.json +++ b/2009/3xxx/CVE-2009-3035.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00" - }, - { - "name" : "37953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37953" - }, - { - "name" : "62010", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62010" - }, - { - "name" : "1023521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023521" - }, - { - "name" : "38356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38356" - }, - { - "name" : "ADV-2010-0256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0256" - }, - { - "name" : "symantec-ans-key-unauth-access(55952)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38356" + }, + { + "name": "37953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37953" + }, + { + "name": "62010", + "refsource": "OSVDB", + "url": "http://osvdb.org/62010" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00" + }, + { + "name": "1023521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023521" + }, + { + "name": "symantec-ans-key-unauth-access(55952)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55952" + }, + { + "name": "ADV-2010-0256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0256" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3101.json b/2009/3xxx/CVE-2009-3101.json index 23a157874be..d4bf8bfeb3d 100644 --- a/2009/3xxx/CVE-2009-3101.json +++ b/2009/3xxx/CVE-2009-3101.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.opensolaris.org/view_bug.do?bug_id=6839026", - "refsource" : "CONFIRM", - "url" : "http://bugs.opensolaris.org/view_bug.do?bug_id=6839026" - }, - { - "name" : "266469", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266469-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.opensolaris.org/view_bug.do?bug_id=6839026", + "refsource": "CONFIRM", + "url": "http://bugs.opensolaris.org/view_bug.do?bug_id=6839026" + }, + { + "name": "266469", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266469-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3139.json b/2009/3xxx/CVE-2009-3139.json index 34a1c8d6d7f..5984e40a679 100644 --- a/2009/3xxx/CVE-2009-3139.json +++ b/2009/3xxx/CVE-2009-3139.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3139", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3139", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3165.json b/2009/3xxx/CVE-2009-3165.json index b8abe9468c9..c80149a72fe 100644 --- a/2009/3xxx/CVE-2009-3165.json +++ b/2009/3xxx/CVE-2009-3165.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.0.8/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.0.8/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=515191", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=515191" - }, - { - "name" : "36373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36373" - }, - { - "name" : "36718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bugzilla.org/security/3.0.8/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.0.8/" + }, + { + "name": "36373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36373" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=515191", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=515191" + }, + { + "name": "36718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36718" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3618.json b/2009/3xxx/CVE-2009-3618.json index ecab6357b67..62f9df5432b 100644 --- a/2009/3xxx/CVE-2009-3618.json +++ b/2009/3xxx/CVE-2009-3618.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091016 Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/16/10" - }, - { - "name" : "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES?revision=2235&pathrev=HEAD", - "refsource" : "CONFIRM", - "url" : "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES?revision=2235&pathrev=HEAD" - }, - { - "name" : "FEDORA-2009-8501", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html" - }, - { - "name" : "FEDORA-2009-8507", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00566.html" - }, - { - "name" : "SUSE-SR:2009:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" - }, - { - "name" : "56997", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56997" - }, - { - "name" : "36292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36292" - }, - { - "name" : "36311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36311" - }, - { - "name" : "ADV-2009-2257", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2257" - }, - { - "name" : "viewvc-view-xss(52430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2257", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2257" + }, + { + "name": "36292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36292" + }, + { + "name": "FEDORA-2009-8501", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html" + }, + { + "name": "FEDORA-2009-8507", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00566.html" + }, + { + "name": "56997", + "refsource": "OSVDB", + "url": "http://osvdb.org/56997" + }, + { + "name": "[oss-security] 20091016 Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/16/10" + }, + { + "name": "36311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36311" + }, + { + "name": "viewvc-view-xss(52430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52430" + }, + { + "name": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES?revision=2235&pathrev=HEAD", + "refsource": "CONFIRM", + "url": "http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.2/CHANGES?revision=2235&pathrev=HEAD" + }, + { + "name": "SUSE-SR:2009:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0445.json b/2015/0xxx/CVE-2015-0445.json index d4cce0c6cf1..e69af3417c5 100644 --- a/2015/0xxx/CVE-2015-0445.json +++ b/2015/0xxx/CVE-2015-0445.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0492.json b/2015/0xxx/CVE-2015-0492.json index fe7e6ce87c7..910eaf3bd21 100644 --- a/2015/0xxx/CVE-2015-0492.json +++ b/2015/0xxx/CVE-2015-0492.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "RHSA-2015:0854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0854.html" - }, - { - "name" : "RHSA-2015:0857", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0857.html" - }, - { - "name" : "openSUSE-SU-2015:0773", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" - }, - { - "name" : "openSUSE-SU-2015:0774", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:0833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" - }, - { - "name" : "74129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74129" - }, - { - "name" : "1032120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0857", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html" + }, + { + "name": "SUSE-SU-2015:0833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032120" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "openSUSE-SU-2015:0773", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" + }, + { + "name": "openSUSE-SU-2015:0774", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" + }, + { + "name": "RHSA-2015:0854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html" + }, + { + "name": "74129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74129" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0775.json b/2015/0xxx/CVE-2015-0775.json index 2ebed06aa23..0448f0c242a 100644 --- a/2015/0xxx/CVE-2015-0775.json +++ b/2015/0xxx/CVE-2015-0775.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150610 Cisco Nexus and Cisco Multilayer Director Switches MOTD Telnet Login Reset Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39280" - }, - { - "name" : "1032561", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032561" - }, - { - "name" : "1032562", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032561", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032561" + }, + { + "name": "1032562", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032562" + }, + { + "name": "20150610 Cisco Nexus and Cisco Multilayer Director Switches MOTD Telnet Login Reset Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39280" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0838.json b/2015/0xxx/CVE-2015-0838.json index 1243c6f4e28..8dac9a54c0b 100644 --- a/2015/0xxx/CVE-2015-0838.json +++ b/2015/0xxx/CVE-2015-0838.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-0838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150322 Dulwich security issue", - "refsource" : "MLIST", - "url" : "https://lists.launchpad.net/dulwich-users/msg00829.html" - }, - { - "name" : "DSA-3206", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3206", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3206" + }, + { + "name": "[oss-security] 20150322 Dulwich security issue", + "refsource": "MLIST", + "url": "https://lists.launchpad.net/dulwich-users/msg00829.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1049.json b/2015/1xxx/CVE-2015-1049.json index 0837e826259..db8033b0eb2 100644 --- a/2015/1xxx/CVE-2015-1049.json +++ b/2015/1xxx/CVE-2015-1049.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-954136.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4084.json b/2015/4xxx/CVE-2015-4084.json index 71844871c97..0ee3cf97056 100644 --- a/2015/4xxx/CVE-2015-4084.json +++ b/2015/4xxx/CVE-2015-4084.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150526 CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535615/100/0/threaded" - }, - { - "name" : "37132", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37132/" - }, - { - "name" : "http://packetstormsecurity.com/files/132062/WordPress-Free-Counter-1.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132062/WordPress-Free-Counter-1.1-Cross-Site-Scripting.html" - }, - { - "name" : "74846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150526 CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535615/100/0/threaded" + }, + { + "name": "74846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74846" + }, + { + "name": "37132", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37132/" + }, + { + "name": "http://packetstormsecurity.com/files/132062/WordPress-Free-Counter-1.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132062/WordPress-Free-Counter-1.1-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4181.json b/2015/4xxx/CVE-2015-4181.json index de92302544e..d9e87b968a9 100644 --- a/2015/4xxx/CVE-2015-4181.json +++ b/2015/4xxx/CVE-2015-4181.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150604 Re: CVE requests / Advisory: phpMyBackupPro", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/04/10" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150604 Re: CVE requests / Advisory: phpMyBackupPro", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/04/10" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4540.json b/2015/4xxx/CVE-2015-4540.json index ebac8d6e4d4..6a4ecbf0d90 100644 --- a/2015/4xxx/CVE-2015-4540.json +++ b/2015/4xxx/CVE-2015-4540.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-4540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150909 ESA-2015-140: RSA Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Sep/36" - }, - { - "name" : "1033520", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150909 ESA-2015-140: RSA Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Sep/36" + }, + { + "name": "1033520", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033520" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4654.json b/2015/4xxx/CVE-2015-4654.json index d99ee4d3cf7..65186636a94 100644 --- a/2015/4xxx/CVE-2015-4654.json +++ b/2015/4xxx/CVE-2015-4654.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/132220/Joomla-EQ-Event-Calendar-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132220/Joomla-EQ-Event-Calendar-SQL-Injection.html" - }, - { - "name" : "75261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75261" + }, + { + "name": "http://packetstormsecurity.com/files/132220/Joomla-EQ-Event-Calendar-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132220/Joomla-EQ-Event-Calendar-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8306.json b/2015/8xxx/CVE-2015-8306.json index f5a43547392..7b8a5eb8f84 100644 --- a/2015/8xxx/CVE-2015-8306.json +++ b/2015/8xxx/CVE-2015-8306.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) or execute arbitrary code via an unspecified parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-03-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-03-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) or execute arbitrary code via an unspecified parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-03-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-03-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8729.json b/2015/8xxx/CVE-2015-8729.json index 9b8f628a03c..6fb4777d040 100644 --- a/2015/8xxx/CVE-2015-8729.json +++ b/2015/8xxx/CVE-2015-8729.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2015-47.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2015-47.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=338da1c0ea0b2f8595d3a7b6d6c9548f7da3e27b", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=338da1c0ea0b2f8595d3a7b6d6c9548f7da3e27b" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-3505", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3505" - }, - { - "name" : "GLSA-201604-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-05" - }, - { - "name" : "79382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79382" - }, - { - "name" : "1034551", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=338da1c0ea0b2f8595d3a7b6d6c9548f7da3e27b", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=338da1c0ea0b2f8595d3a7b6d6c9548f7da3e27b" + }, + { + "name": "79382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79382" + }, + { + "name": "DSA-3505", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3505" + }, + { + "name": "GLSA-201604-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-05" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2015-47.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2015-47.html" + }, + { + "name": "1034551", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034551" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8964.json b/2015/8xxx/CVE-2015-8964.json index 814d4d17fc9..fa15fd39b8f 100644 --- a/2015/8xxx/CVE-2015-8964.json +++ b/2015/8xxx/CVE-2015-8964.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-8964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc" - }, - { - "name" : "94138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc" + }, + { + "name": "https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc" + }, + { + "name": "94138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94138" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5772.json b/2016/5xxx/CVE-2016-5772.json index 0740d66e524..ed579518aa2 100644 --- a/2016/5xxx/CVE-2016-5772.json +++ b/2016/5xxx/CVE-2016-5772.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/23/4" - }, - { - "name" : "http://github.com/php/php-src/commit/a44c89e8af7c2410f4bfc5e097be2a5d0639a60c?w=1", - "refsource" : "CONFIRM", - "url" : "http://github.com/php/php-src/commit/a44c89e8af7c2410f4bfc5e097be2a5d0639a60c?w=1" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=72340", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=72340" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" - }, - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "DSA-3618", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3618" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "SUSE-SU-2016:2013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html" - }, - { - "name" : "openSUSE-SU-2016:1761", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:1922", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html" - }, - { - "name" : "91398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://github.com/php/php-src/commit/a44c89e8af7c2410f4bfc5e097be2a5d0639a60c?w=1", + "refsource": "CONFIRM", + "url": "http://github.com/php/php-src/commit/a44c89e8af7c2410f4bfc5e097be2a5d0639a60c?w=1" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "openSUSE-SU-2016:1761", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html" + }, + { + "name": "openSUSE-SU-2016:1922", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "https://bugs.php.net/bug.php?id=72340", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=72340" + }, + { + "name": "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/23/4" + }, + { + "name": "DSA-3618", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3618" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + }, + { + "name": "91398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91398" + }, + { + "name": "SUSE-SU-2016:2013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2186.json b/2018/2xxx/CVE-2018-2186.json index 7cc83b17551..263eb6e26ef 100644 --- a/2018/2xxx/CVE-2018-2186.json +++ b/2018/2xxx/CVE-2018-2186.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2186", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2186", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2726.json b/2018/2xxx/CVE-2018-2726.json index 8d46585c216..31cece0c1ff 100644 --- a/2018/2xxx/CVE-2018-2726.json +++ b/2018/2xxx/CVE-2018-2726.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Financial Services Market Risk", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Market Risk", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102664" - }, - { - "name" : "1040214", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040214", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040214" + }, + { + "name": "102664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102664" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2969.json b/2018/2xxx/CVE-2018-2969.json index 89812b163c9..da9eee2a21a 100644 --- a/2018/2xxx/CVE-2018-2969.json +++ b/2018/2xxx/CVE-2018-2969.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Primavera Unifier", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "16.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera Unifier", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104828" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3243.json b/2018/3xxx/CVE-2018-3243.json index 4176f2bb0ae..1ff3bc564d8 100644 --- a/2018/3xxx/CVE-2018-3243.json +++ b/2018/3xxx/CVE-2018-3243.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Applications Framework", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Framework", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105630" - }, - { - "name" : "1041897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105630" + }, + { + "name": "1041897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041897" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6081.json b/2018/6xxx/CVE-2018-6081.json index 6a4caa7052d..65a9b6909b1 100644 --- a/2018/6xxx/CVE-2018-6081.json +++ b/2018/6xxx/CVE-2018-6081.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "65.0.3325.146" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "65.0.3325.146" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/797525", - "refsource" : "MISC", - "url" : "https://crbug.com/797525" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "RHSA-2018:0484", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0484" - }, - { - "name" : "103297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" + }, + { + "name": "103297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103297" + }, + { + "name": "RHSA-2018:0484", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0484" + }, + { + "name": "https://crbug.com/797525", + "refsource": "MISC", + "url": "https://crbug.com/797525" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6436.json b/2018/6xxx/CVE-2018-6436.json index ada3f6da665..aecd2a6d896 100644 --- a/2018/6xxx/CVE-2018-6436.json +++ b/2018/6xxx/CVE-2018-6436.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "ID" : "CVE-2018-6436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Brocade Fabric OS", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d" - } - ] - } - } - ] - }, - "vendor_name" : "Brocade Communications Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "ID": "CVE-2018-6436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d" + } + ] + } + } + ] + }, + "vendor_name": "Brocade Communications Systems, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730", - "refsource" : "CONFIRM", - "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730", + "refsource": "CONFIRM", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-730" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6697.json b/2018/6xxx/CVE-2018-6697.json index 371028827ad..b7f21c42b95 100644 --- a/2018/6xxx/CVE-2018-6697.json +++ b/2018/6xxx/CVE-2018-6697.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6697", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6697", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7262.json b/2018/7xxx/CVE-2018-7262.json index 30a8670a0ea..9e78e32a0f4 100644 --- a/2018/7xxx/CVE-2018-7262.json +++ b/2018/7xxx/CVE-2018-7262.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tracker.ceph.com/issues/23039", - "refsource" : "CONFIRM", - "url" : "http://tracker.ceph.com/issues/23039" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1546611", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1546611" - }, - { - "name" : "https://github.com/ceph/ceph/pull/20488", - "refsource" : "CONFIRM", - "url" : "https://github.com/ceph/ceph/pull/20488" - }, - { - "name" : "FEDORA-2018-ed907ef9a0", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74VI6EPZ6LD2O4JJXJBTYQ4U4VUO2ZDO/" - }, - { - "name" : "RHSA-2018:0546", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0546" - }, - { - "name" : "RHSA-2018:0548", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0546", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0546" + }, + { + "name": "https://github.com/ceph/ceph/pull/20488", + "refsource": "CONFIRM", + "url": "https://github.com/ceph/ceph/pull/20488" + }, + { + "name": "http://tracker.ceph.com/issues/23039", + "refsource": "CONFIRM", + "url": "http://tracker.ceph.com/issues/23039" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1546611", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546611" + }, + { + "name": "RHSA-2018:0548", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0548" + }, + { + "name": "FEDORA-2018-ed907ef9a0", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74VI6EPZ6LD2O4JJXJBTYQ4U4VUO2ZDO/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7283.json b/2018/7xxx/CVE-2018-7283.json index 1b055da4973..792732a675a 100644 --- a/2018/7xxx/CVE-2018-7283.json +++ b/2018/7xxx/CVE-2018-7283.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7283", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7283", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7330.json b/2018/7xxx/CVE-2018-7330.json index 0d31a04e04e..f4baf3a2ee2 100644 --- a/2018/7xxx/CVE-2018-7330.json +++ b/2018/7xxx/CVE-2018-7330.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "name" : "103158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-06.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66" + }, + { + "name": "103158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103158" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7505.json b/2018/7xxx/CVE-2018-7505.json index fd8a87702bd..7f2c1d7c876 100644 --- a/2018/7xxx/CVE-2018-7505.json +++ b/2018/7xxx/CVE-2018-7505.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-05-15T00:00:00", - "ID" : "CVE-2018-7505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "Advantech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER AUTHORIZATION CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-05-15T00:00:00", + "ID": "CVE-2018-7505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebAccess", + "version": { + "version_data": [ + { + "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." + } + ] + } + } + ] + }, + "vendor_name": "Advantech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" - }, - { - "name" : "104190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER AUTHORIZATION CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104190" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7670.json b/2018/7xxx/CVE-2018-7670.json index f9d70b4929f..92ff1bfd89d 100644 --- a/2018/7xxx/CVE-2018-7670.json +++ b/2018/7xxx/CVE-2018-7670.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7670", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7670", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5221.json b/2019/5xxx/CVE-2019-5221.json index 09e24cf454b..9966a70a6c2 100644 --- a/2019/5xxx/CVE-2019-5221.json +++ b/2019/5xxx/CVE-2019-5221.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5221", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5221", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5497.json b/2019/5xxx/CVE-2019-5497.json index 5842bedc18c..2d8c851af02 100644 --- a/2019/5xxx/CVE-2019-5497.json +++ b/2019/5xxx/CVE-2019-5497.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5497", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5497", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5798.json b/2019/5xxx/CVE-2019-5798.json index a2cb0f901a2..57b8f830c52 100644 --- a/2019/5xxx/CVE-2019-5798.json +++ b/2019/5xxx/CVE-2019-5798.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5798", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5798", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file