From 92a5c751d04dfda5831d5f705ca3702d829a37a5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:34:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0382.json | 120 ++++----- 1999/0xxx/CVE-1999-0768.json | 120 ++++----- 1999/1xxx/CVE-1999-1093.json | 140 +++++----- 1999/1xxx/CVE-1999-1341.json | 130 +++++----- 1999/1xxx/CVE-1999-1412.json | 130 +++++----- 1999/1xxx/CVE-1999-1574.json | 140 +++++----- 2000/0xxx/CVE-2000-0011.json | 140 +++++----- 2000/0xxx/CVE-2000-0058.json | 130 +++++----- 2000/0xxx/CVE-2000-0372.json | 140 +++++----- 2000/0xxx/CVE-2000-0440.json | 140 +++++----- 2000/0xxx/CVE-2000-0547.json | 160 ++++++------ 2000/0xxx/CVE-2000-0645.json | 130 +++++----- 2000/0xxx/CVE-2000-0788.json | 150 +++++------ 2000/0xxx/CVE-2000-0884.json | 160 ++++++------ 2000/1xxx/CVE-2000-1008.json | 130 +++++----- 2000/1xxx/CVE-2000-1200.json | 140 +++++----- 2005/2xxx/CVE-2005-2343.json | 160 ++++++------ 2005/2xxx/CVE-2005-2362.json | 190 +++++++------- 2005/2xxx/CVE-2005-2811.json | 120 ++++----- 2005/2xxx/CVE-2005-2920.json | 220 ++++++++-------- 2005/3xxx/CVE-2005-3060.json | 190 +++++++------- 2005/3xxx/CVE-2005-3206.json | 200 +++++++-------- 2005/3xxx/CVE-2005-3371.json | 160 ++++++------ 2005/3xxx/CVE-2005-3474.json | 150 +++++------ 2007/5xxx/CVE-2007-5356.json | 34 +-- 2009/2xxx/CVE-2009-2063.json | 150 +++++------ 2009/2xxx/CVE-2009-2094.json | 140 +++++----- 2009/2xxx/CVE-2009-2142.json | 140 +++++----- 2009/2xxx/CVE-2009-2499.json | 140 +++++----- 2009/2xxx/CVE-2009-2670.json | 480 +++++++++++++++++------------------ 2009/3xxx/CVE-2009-3103.json | 290 ++++++++++----------- 2009/3xxx/CVE-2009-3349.json | 130 +++++----- 2009/3xxx/CVE-2009-3634.json | 180 ++++++------- 2015/0xxx/CVE-2015-0231.json | 350 ++++++++++++------------- 2015/0xxx/CVE-2015-0343.json | 160 ++++++------ 2015/0xxx/CVE-2015-0701.json | 140 +++++----- 2015/0xxx/CVE-2015-0781.json | 140 +++++----- 2015/0xxx/CVE-2015-0839.json | 180 ++++++------- 2015/1xxx/CVE-2015-1244.json | 210 +++++++-------- 2015/1xxx/CVE-2015-1469.json | 120 ++++----- 2015/1xxx/CVE-2015-1736.json | 150 +++++------ 2015/1xxx/CVE-2015-1834.json | 136 +++++----- 2015/4xxx/CVE-2015-4051.json | 170 ++++++------- 2015/4xxx/CVE-2015-4170.json | 190 +++++++------- 2015/4xxx/CVE-2015-4217.json | 160 ++++++------ 2015/4xxx/CVE-2015-4311.json | 34 +-- 2015/4xxx/CVE-2015-4573.json | 34 +-- 2015/8xxx/CVE-2015-8058.json | 180 ++++++------- 2015/8xxx/CVE-2015-8631.json | 200 +++++++-------- 2015/8xxx/CVE-2015-8728.json | 190 +++++++------- 2015/8xxx/CVE-2015-8850.json | 34 +-- 2016/5xxx/CVE-2016-5046.json | 34 +-- 2018/2xxx/CVE-2018-2072.json | 34 +-- 2018/2xxx/CVE-2018-2356.json | 34 +-- 2018/3xxx/CVE-2018-3849.json | 122 ++++----- 2018/6xxx/CVE-2018-6155.json | 34 +-- 2018/6xxx/CVE-2018-6210.json | 120 ++++----- 2018/6xxx/CVE-2018-6492.json | 240 +++++++++--------- 2018/6xxx/CVE-2018-6889.json | 130 +++++----- 2018/6xxx/CVE-2018-6999.json | 34 +-- 2018/7xxx/CVE-2018-7029.json | 34 +-- 2018/7xxx/CVE-2018-7460.json | 34 +-- 2018/7xxx/CVE-2018-7889.json | 130 +++++----- 2019/5xxx/CVE-2019-5093.json | 34 +-- 2019/5xxx/CVE-2019-5140.json | 34 +-- 2019/5xxx/CVE-2019-5664.json | 34 +-- 2019/5xxx/CVE-2019-5943.json | 34 +-- 67 files changed, 4584 insertions(+), 4584 deletions(-) diff --git a/1999/0xxx/CVE-1999-0382.json b/1999/0xxx/CVE-1999-0382.json index 2c3227902e4..070220f6c60 100644 --- a/1999/0xxx/CVE-1999-0382.json +++ b/1999/0xxx/CVE-1999-0382.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS99-008", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS99-008", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-008" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0768.json b/1999/0xxx/CVE-1999-0768.json index 602e6edc98f..8502c686ec0 100644 --- a/1999/0xxx/CVE-1999-0768.json +++ b/1999/0xxx/CVE-1999-0768.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/602" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1093.json b/1999/1xxx/CVE-1999-1093.json index 3771df946d5..9fe97e07555 100644 --- a/1999/1xxx/CVE-1999-1093.json +++ b/1999/1xxx/CVE-1999-1093.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS98-011", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-011" - }, - { - "name" : "Q191200", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/support/kb/articles/q191/2/00.asp" - }, - { - "name" : "java-script-patch(1276)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/1276.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q191200", + "refsource": "MSKB", + "url": "http://support.microsoft.com/support/kb/articles/q191/2/00.asp" + }, + { + "name": "MS98-011", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-011" + }, + { + "name": "java-script-patch(1276)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/1276.php" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1341.json b/1999/1xxx/CVE-1999-1341.json index f3d70054145..b93709a2f64 100644 --- a/1999/1xxx/CVE-1999-1341.json +++ b/1999/1xxx/CVE-1999-1341.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991022 Local user can send forged packets", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94061108411308&w=2" - }, - { - "name" : "linux-tiocsetd-forge-packets(7858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-tiocsetd-forge-packets(7858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7858" + }, + { + "name": "19991022 Local user can send forged packets", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94061108411308&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1412.json b/1999/1xxx/CVE-1999-1412.json index 96b158ff5e5..cb1ca3c65ea 100644 --- a/1999/1xxx/CVE-1999-1412.json +++ b/1999/1xxx/CVE-1999-1412.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990603 MacOS X system panic with CGI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/14215" - }, - { - "name" : "306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990603 MacOS X system panic with CGI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/14215" + }, + { + "name": "306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/306" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1574.json b/1999/1xxx/CVE-1999-1574.json index 671365f296e..ca5d10d54b9 100644 --- a/1999/1xxx/CVE-1999-1574.json +++ b/1999/1xxx/CVE-1999-1574.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via \"long input strings.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IX79909", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IX79909&apar=only" - }, - { - "name" : "VU#182777", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/182777" - }, - { - "name" : "aix-nslookup-lex-bo(7867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via \"long input strings.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#182777", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/182777" + }, + { + "name": "IX79909", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IX79909&apar=only" + }, + { + "name": "aix-nslookup-lex-bo(7867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7867" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0011.json b/2000/0xxx/CVE-2000-0011.json index f33005bda02..c9f7f7eab08 100644 --- a/2000/0xxx/CVE-2000-0011.json +++ b/2000/0xxx/CVE-2000-0011.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.analogx.com/contents/download/network/sswww.htm", - "refsource" : "MISC", - "url" : "http://www.analogx.com/contents/download/network/sswww.htm" - }, - { - "name" : "906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/906" - }, - { - "name" : "1184", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.analogx.com/contents/download/network/sswww.htm", + "refsource": "MISC", + "url": "http://www.analogx.com/contents/download/network/sswww.htm" + }, + { + "name": "906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/906" + }, + { + "name": "1184", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1184" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0058.json b/2000/0xxx/CVE-2000-0058.json index 18ef21e8de3..cd7bc007784 100644 --- a/2000/0xxx/CVE-2000-0058.json +++ b/2000/0xxx/CVE-2000-0058.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000105 Handspring Visor Network HotSync Security Hole", - "refsource" : "BUGTRAQ", - "url" : "http://www.security-express.com/archives/bugtraq/2000-01/0085.html" - }, - { - "name" : "920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/920" + }, + { + "name": "20000105 Handspring Visor Network HotSync Security Hole", + "refsource": "BUGTRAQ", + "url": "http://www.security-express.com/archives/bugtraq/2000-01/0085.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0372.json b/2000/0xxx/CVE-2000-0372.json index 56560392459..c8ba97361f1 100644 --- a/2000/0xxx/CVE-2000-0372.json +++ b/2000/0xxx/CVE-2000-0372.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CSSA-1999-014.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt" - }, - { - "name" : "linux-rmt(2268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2268" - }, - { - "name" : "7940", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-1999-014.0", + "refsource": "CALDERA", + "url": "ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt" + }, + { + "name": "linux-rmt(2268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2268" + }, + { + "name": "7940", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7940" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0440.json b/2000/0xxx/CVE-2000-0440.json index 34e25e706ea..c032b449dc1 100644 --- a/2000/0xxx/CVE-2000-0440.json +++ b/2000/0xxx/CVE-2000-0440.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "NetBSD-SA2000-002", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc" - }, - { - "name" : "20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html" - }, - { - "name" : "1173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1173" + }, + { + "name": "NetBSD-SA2000-002", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc" + }, + { + "name": "20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0547.json b/2000/0xxx/CVE-2000-0547.json index 95fd47e8e16..75f170b1c72 100644 --- a/2000/0xxx/CVE-2000-0547.json +++ b/2000/0xxx/CVE-2000-0547.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html" - }, - { - "name" : "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt" - }, - { - "name" : "CA-2000-11", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2000-11.html" - }, - { - "name" : "K-051", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml" - }, - { - "name" : "1338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2000-11", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2000-11.html" + }, + { + "name": "K-051", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml" + }, + { + "name": "1338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1338" + }, + { + "name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html" + }, + { + "name": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0645.json b/2000/0xxx/CVE-2000-0645.json index d90a205265d..ad5a7a87814 100644 --- a/2000/0xxx/CVE-2000-0645.json +++ b/2000/0xxx/CVE-2000-0645.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html" - }, - { - "name" : "1506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html" + }, + { + "name": "1506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1506" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0788.json b/2000/0xxx/CVE-2000-0788.json index 657415c344c..7d3c3a8d0fc 100644 --- a/2000/0xxx/CVE-2000-0788.json +++ b/2000/0xxx/CVE-2000-0788.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C@nat.bg" - }, - { - "name" : "MS00-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-071" - }, - { - "name" : "1566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1566" - }, - { - "name" : "word-mail-merge(5322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "word-mail-merge(5322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5322" + }, + { + "name": "1566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1566" + }, + { + "name": "MS00-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-071" + }, + { + "name": "20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C@nat.bg" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0884.json b/2000/0xxx/CVE-2000-0884.json index aff78e77090..a6d1e3f4093 100644 --- a/2000/0xxx/CVE-2000-0884.json +++ b/2000/0xxx/CVE-2000-0884.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the \"Web Server Folder Traversal\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-078", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078" - }, - { - "name" : "1806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1806" - }, - { - "name" : "iis-unicode-translation(5377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5377" - }, - { - "name" : "436", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/436" - }, - { - "name" : "oval:org.mitre.oval:def:44", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the \"Web Server Folder Traversal\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:44", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44" + }, + { + "name": "MS00-078", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078" + }, + { + "name": "iis-unicode-translation(5377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5377" + }, + { + "name": "1806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1806" + }, + { + "name": "436", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/436" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1008.json b/2000/1xxx/CVE-2000-1008.json index 1b7a3ecf3d9..40865f5127d 100644 --- a/2000/1xxx/CVE-2000-1008.json +++ b/2000/1xxx/CVE-2000-1008.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A092600-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2000/a092600-1.txt" - }, - { - "name" : "1715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1715" + }, + { + "name": "A092600-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2000/a092600-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1200.json b/2000/1xxx/CVE-2000-1200.json index 7e084faecdf..3a4067df24f 100644 --- a/2000/1xxx/CVE-2000-1200.json +++ b/2000/1xxx/CVE-2000-1200.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000201 Windows NT and account list leak ! A new SID usage", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/44430" - }, - { - "name" : "nt-lsa-domain-sid(4015)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4015" - }, - { - "name" : "959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000201 Windows NT and account list leak ! A new SID usage", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/44430" + }, + { + "name": "nt-lsa-domain-sid(4015)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4015" + }, + { + "name": "959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/959" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2343.json b/2005/2xxx/CVE-2005-2343.json index c29c75f1797..795dd18e95d 100644 --- a/2005/2xxx/CVE-2005-2343.json +++ b/2005/2xxx/CVE-2005-2343.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2005-2343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#829400", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/829400" - }, - { - "name" : "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/?nodeid=1167791", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/?nodeid=1167791" - }, - { - "name" : "16099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16099" - }, - { - "name" : "ADV-2006-0011", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0011" - }, - { - "name" : "1015428", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/?nodeid=1167791", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/?nodeid=1167791" + }, + { + "name": "VU#829400", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/829400" + }, + { + "name": "ADV-2006-0011", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0011" + }, + { + "name": "16099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16099" + }, + { + "name": "1015428", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015428" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2362.json b/2005/2xxx/CVE-2005-2362.json index 555a546889e..07ade78b02e 100644 --- a/2005/2xxx/CVE-2005-2362.json +++ b/2005/2xxx/CVE-2005-2362.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00020.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00020.html" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "GLSA-200507-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200507-27.xml" - }, - { - "name" : "RHSA-2005:687", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-687.html" - }, - { - "name" : "SUSE-SR:2005:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_19_sr.html" - }, - { - "name" : "14399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14399" - }, - { - "name" : "oval:org.mitre.oval:def:10059", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10059" - }, - { - "name" : "16225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00020.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00020.html" + }, + { + "name": "GLSA-200507-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200507-27.xml" + }, + { + "name": "SUSE-SR:2005:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html" + }, + { + "name": "RHSA-2005:687", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-687.html" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "14399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14399" + }, + { + "name": "16225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16225" + }, + { + "name": "oval:org.mitre.oval:def:10059", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10059" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2811.json b/2005/2xxx/CVE-2005-2811.json index 08b2c075a71..42daedfa083 100644 --- a/2005/2xxx/CVE-2005-2811.json +++ b/2005/2xxx/CVE-2005-2811.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200509-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200509-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2920.json b/2005/2xxx/CVE-2005-2920.json index 490841c4df2..bd33f04f872 100644 --- a/2005/2xxx/CVE-2005-2920.json +++ b/2005/2xxx/CVE-2005-2920.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=356974", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=356974" - }, - { - "name" : "DSA-824", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-824" - }, - { - "name" : "GLSA-200509-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml" - }, - { - "name" : "SUSE-SA:2005:055", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_55_clamav.html" - }, - { - "name" : "VU#363713", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/363713" - }, - { - "name" : "14866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14866" - }, - { - "name" : "ADV-2005-1774", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1774" - }, - { - "name" : "19506", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19506" - }, - { - "name" : "16989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16989" - }, - { - "name" : "16848", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16848" - }, - { - "name" : "clam-antivirus-upx-bo(22307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2005:055", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html" + }, + { + "name": "16989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16989" + }, + { + "name": "DSA-824", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-824" + }, + { + "name": "VU#363713", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/363713" + }, + { + "name": "GLSA-200509-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml" + }, + { + "name": "16848", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16848" + }, + { + "name": "19506", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19506" + }, + { + "name": "clam-antivirus-upx-bo(22307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22307" + }, + { + "name": "14866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14866" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=356974", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=356974" + }, + { + "name": "ADV-2005-1774", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1774" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3060.json b/2005/3xxx/CVE-2005-3060.json index 2ef047b067f..dea4c93259c 100644 --- a/2005/3xxx/CVE-2005-3060.json +++ b/2005/3xxx/CVE-2005-3060.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY73814", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY73814" - }, - { - "name" : "IY73850", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY73850" - }, - { - "name" : "VU#602300", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/602300" - }, - { - "name" : "14959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14959" - }, - { - "name" : "19719", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19719" - }, - { - "name" : "1014991", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014991" - }, - { - "name" : "16996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16996" - }, - { - "name" : "aix-getconf-bo(22442)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19719", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19719" + }, + { + "name": "16996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16996" + }, + { + "name": "aix-getconf-bo(22442)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22442" + }, + { + "name": "IY73850", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY73850" + }, + { + "name": "IY73814", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY73814" + }, + { + "name": "14959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14959" + }, + { + "name": "VU#602300", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/602300" + }, + { + "name": "1014991", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014991" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3206.json b/2005/3xxx/CVE-2005-3206.json index 1dbc9cbf1ed..d8776a3e8bc 100644 --- a/2005/3xxx/CVE-2005-3206.json +++ b/2005/3xxx/CVE-2005-3206.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Shutdown TNS Listener via Oracle iSQL*Plus", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112870589127719&w=2" - }, - { - "name" : "20051007 Shutdown TNS Listener via Oracle iSQL*Plus", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0176.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", - "refsource" : "MISC", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html" - }, - { - "name" : "15032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15032" - }, - { - "name" : "20056", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20056" - }, - { - "name" : "15991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15991/" - }, - { - "name" : "64", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/64" - }, - { - "name" : "oracle-isql-tns-dos(22544)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15032" + }, + { + "name": "20051007 Shutdown TNS Listener via Oracle iSQL*Plus", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112870589127719&w=2" + }, + { + "name": "15991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15991/" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", + "refsource": "MISC", + "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html" + }, + { + "name": "oracle-isql-tns-dos(22544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22544" + }, + { + "name": "20056", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20056" + }, + { + "name": "64", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/64" + }, + { + "name": "20051007 Shutdown TNS Listener via Oracle iSQL*Plus", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0176.html" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3371.json b/2005/3xxx/CVE-2005-3371.json index ea48b379bbd..f89fbf6e3b8 100644 --- a/2005/3xxx/CVE-2005-3371.json +++ b/2005/3xxx/CVE-2005-3371.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113026417802703&w=2" - }, - { - "name" : "http://www.securityelf.org/magicbyteadv.html", - "refsource" : "MISC", - "url" : "http://www.securityelf.org/magicbyteadv.html" - }, - { - "name" : "http://www.securityelf.org/magicbyte.html", - "refsource" : "MISC", - "url" : "http://www.securityelf.org/magicbyte.html" - }, - { - "name" : "http://www.securityelf.org/updmagic.html", - "refsource" : "MISC", - "url" : "http://www.securityelf.org/updmagic.html" - }, - { - "name" : "15189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15189" + }, + { + "name": "http://www.securityelf.org/magicbyte.html", + "refsource": "MISC", + "url": "http://www.securityelf.org/magicbyte.html" + }, + { + "name": "http://www.securityelf.org/magicbyteadv.html", + "refsource": "MISC", + "url": "http://www.securityelf.org/magicbyteadv.html" + }, + { + "name": "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113026417802703&w=2" + }, + { + "name": "http://www.securityelf.org/updmagic.html", + "refsource": "MISC", + "url": "http://www.securityelf.org/updmagic.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3474.json b/2005/3xxx/CVE-2005-3474.json index b9e4daf6906..ce362c6254c 100644 --- a/2005/3xxx/CVE-2005-3474.json +++ b/2005/3xxx/CVE-2005-3474.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with \"$sys$\", which allows attackers to hide activities on a system that uses XCP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html", - "refsource" : "MISC", - "url" : "http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html" - }, - { - "name" : "20435", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20435" - }, - { - "name" : "1015145", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015145" - }, - { - "name" : "17408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with \"$sys$\", which allows attackers to hide activities on a system that uses XCP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20435", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20435" + }, + { + "name": "17408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17408" + }, + { + "name": "1015145", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015145" + }, + { + "name": "http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html", + "refsource": "MISC", + "url": "http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5356.json b/2007/5xxx/CVE-2007-5356.json index 1886bc28e54..3bdc217a448 100644 --- a/2007/5xxx/CVE-2007-5356.json +++ b/2007/5xxx/CVE-2007-5356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5356", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-5356", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2063.json b/2009/2xxx/CVE-2009-2063.json index 6c3f6dfff31..4db60837ab5 100644 --- a/2009/2xxx/CVE-2009-2063.json +++ b/2009/2xxx/CVE-2009-2063.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" - }, - { - "name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" - }, - { - "name" : "35412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35412" - }, - { - "name" : "opera-httpconnect-code-execution(51204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", + "refsource": "MISC", + "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" + }, + { + "name": "35412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35412" + }, + { + "name": "opera-httpconnect-code-execution(51204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51204" + }, + { + "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", + "refsource": "MISC", + "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2094.json b/2009/2xxx/CVE-2009-2094.json index be285b7d166..ec858e20521 100644 --- a/2009/2xxx/CVE-2009-2094.json +++ b/2009/2xxx/CVE-2009-2094.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/topic/com.ibm.commerce.admin.doc/refs/rig_new_and_changed.htm", - "refsource" : "CONFIRM", - "url" : "http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/topic/com.ibm.commerce.admin.doc/refs/rig_new_and_changed.htm" - }, - { - "name" : "LI74286", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LI74286" - }, - { - "name" : "wc-trace-info-disclosure(52398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/topic/com.ibm.commerce.admin.doc/refs/rig_new_and_changed.htm", + "refsource": "CONFIRM", + "url": "http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/topic/com.ibm.commerce.admin.doc/refs/rig_new_and_changed.htm" + }, + { + "name": "wc-trace-info-disclosure(52398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52398" + }, + { + "name": "LI74286", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LI74286" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2142.json b/2009/2xxx/CVE-2009-2142.json index 583348db450..8705e9e4db1 100644 --- a/2009/2xxx/CVE-2009-2142.json +++ b/2009/2xxx/CVE-2009-2142.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8935", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8935" - }, - { - "name" : "35417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35417" - }, - { - "name" : "ADV-2009-1581", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1581", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1581" + }, + { + "name": "35417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35417" + }, + { + "name": "8935", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8935" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2499.json b/2009/2xxx/CVE-2009-2499.json index 8d7a217339d..654b8a68f92 100644 --- a/2009/2xxx/CVE-2009-2499.json +++ b/2009/2xxx/CVE-2009-2499.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-2499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047" - }, - { - "name" : "TA09-251A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-251A.html" - }, - { - "name" : "oval:org.mitre.oval:def:5531", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS09-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047" + }, + { + "name": "oval:org.mitre.oval:def:5531", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531" + }, + { + "name": "TA09-251A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2670.json b/2009/2xxx/CVE-2009-2670.json index d2580c7018c..f274a7afdb3 100644 --- a/2009/2xxx/CVE-2009-2670.json +++ b/2009/2xxx/CVE-2009-2670.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1" - }, - { - "name" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20" - }, - { - "name" : "http://java.sun.com/javase/6/webnotes/6u15.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u15.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "APPLE-SA-2009-09-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" - }, - { - "name" : "FEDORA-2009-8329", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" - }, - { - "name" : "FEDORA-2009-8337", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBUX02476", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125787273209737&w=2" - }, - { - "name" : "SSRT090250", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125787273209737&w=2" - }, - { - "name" : "MDVSA-2009:209", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" - }, - { - "name" : "RHSA-2009:1199", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1199.html" - }, - { - "name" : "RHSA-2009:1200", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1200.html" - }, - { - "name" : "RHSA-2009:1201", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1201.html" - }, - { - "name" : "263408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1" - }, - { - "name" : "SUSE-SA:2009:043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:053", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "35939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35939" - }, - { - "name" : "56788", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56788" - }, - { - "name" : "oval:org.mitre.oval:def:11326", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326" - }, - { - "name" : "oval:org.mitre.oval:def:8022", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022" - }, - { - "name" : "1022658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022658" - }, - { - "name" : "36162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36162" - }, - { - "name" : "36176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36176" - }, - { - "name" : "36180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36180" - }, - { - "name" : "36199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36199" - }, - { - "name" : "36248", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36248" - }, - { - "name" : "37300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37300" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "ADV-2009-2543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2543" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "jre-jdk-audiosystem-priv-escalation(52306)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:8022", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022" + }, + { + "name": "RHSA-2009:1200", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html" + }, + { + "name": "RHSA-2009:1199", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html" + }, + { + "name": "36162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36162" + }, + { + "name": "ADV-2009-2543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2543" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "HPSBUX02476", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2" + }, + { + "name": "263408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1" + }, + { + "name": "36199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36199" + }, + { + "name": "36248", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36248" + }, + { + "name": "MDVSA-2009:209", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" + }, + { + "name": "FEDORA-2009-8329", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" + }, + { + "name": "56788", + "refsource": "OSVDB", + "url": "http://osvdb.org/56788" + }, + { + "name": "SSRT090250", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2" + }, + { + "name": "1022658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022658" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u15.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u15.html" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "36180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36180" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1" + }, + { + "name": "36176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36176" + }, + { + "name": "FEDORA-2009-8337", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" + }, + { + "name": "oval:org.mitre.oval:def:11326", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "37300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37300" + }, + { + "name": "APPLE-SA-2009-09-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" + }, + { + "name": "SUSE-SA:2009:053", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html" + }, + { + "name": "RHSA-2009:1201", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html" + }, + { + "name": "SUSE-SA:2009:043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "jre-jdk-audiosystem-priv-escalation(52306)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52306" + }, + { + "name": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20", + "refsource": "CONFIRM", + "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "35939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35939" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3103.json b/2009/3xxx/CVE-2009-3103.json index 41e0cf7be59..5f3d1a00fd8 100644 --- a/2009/3xxx/CVE-2009-3103.json +++ b/2009/3xxx/CVE-2009-3103.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka \"SMBv2 Negotiation Vulnerability.\" NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-3103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506300/100/0/threaded" - }, - { - "name" : "20090909 SMB SRV2.SYS Denial of Service PoC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506327/100/0/threaded" - }, - { - "name" : "20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html" - }, - { - "name" : "9594", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9594" - }, - { - "name" : "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html", - "refsource" : "MISC", - "url" : "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html" - }, - { - "name" : "http://isc.sans.org/diary.html?storyid=7093", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=7093" - }, - { - "name" : "http://blog.48bits.com/?p=510", - "refsource" : "MISC", - "url" : "http://blog.48bits.com/?p=510" - }, - { - "name" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1", - "refsource" : "MISC", - "url" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/975497.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/975497.mspx" - }, - { - "name" : "MS09-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050" - }, - { - "name" : "TA09-286A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" - }, - { - "name" : "VU#135940", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/135940" - }, - { - "name" : "36299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36299" - }, - { - "name" : "57799", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57799" - }, - { - "name" : "oval:org.mitre.oval:def:6489", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489" - }, - { - "name" : "1022848", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022848" - }, - { - "name" : "36623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36623" - }, - { - "name" : "win-srv2sys-code-execution(53090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka \"SMBv2 Negotiation Vulnerability.\" NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36299" + }, + { + "name": "VU#135940", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/135940" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/975497.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx" + }, + { + "name": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1", + "refsource": "MISC", + "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1" + }, + { + "name": "http://blog.48bits.com/?p=510", + "refsource": "MISC", + "url": "http://blog.48bits.com/?p=510" + }, + { + "name": "MS09-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050" + }, + { + "name": "TA09-286A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=7093", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=7093" + }, + { + "name": "36623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36623" + }, + { + "name": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html", + "refsource": "MISC", + "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html" + }, + { + "name": "1022848", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022848" + }, + { + "name": "20090909 SMB SRV2.SYS Denial of Service PoC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded" + }, + { + "name": "9594", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9594" + }, + { + "name": "20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html" + }, + { + "name": "57799", + "refsource": "OSVDB", + "url": "http://osvdb.org/57799" + }, + { + "name": "win-srv2sys-code-execution(53090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090" + }, + { + "name": "20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:6489", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3349.json b/2009/3xxx/CVE-2009-3349.json index 20d520b1130..20ab51f1464 100644 --- a/2009/3xxx/CVE-2009-3349.json +++ b/2009/3xxx/CVE-2009-3349.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9640", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9640" - }, - { - "name" : "gyro-cid-sql-injection(53194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gyro-cid-sql-injection(53194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53194" + }, + { + "name": "9640", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9640" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3634.json b/2009/3xxx/CVE-2009-3634.json index cc41b762cd8..fd5587913f0 100644 --- a/2009/3xxx/CVE-2009-3634.json +++ b/2009/3xxx/CVE-2009-3634.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091023 Re: CVE id request: typo3", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125632856206736&w=2" - }, - { - "name" : "[oss-security] 20091023 Re: CVE id request: typo3", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125633199111438&w=2" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/" - }, - { - "name" : "36801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36801" - }, - { - "name" : "37122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37122" - }, - { - "name" : "ADV-2009-3009", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3009" - }, - { - "name" : "typo3-login-xss(53926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/" + }, + { + "name": "37122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37122" + }, + { + "name": "[oss-security] 20091023 Re: CVE id request: typo3", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125633199111438&w=2" + }, + { + "name": "typo3-login-xss(53926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53926" + }, + { + "name": "[oss-security] 20091023 Re: CVE id request: typo3", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125632856206736&w=2" + }, + { + "name": "ADV-2009-3009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3009" + }, + { + "name": "36801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36801" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0231.json b/2015/0xxx/CVE-2015-0231.json index 4d79f5fe0eb..625b5e5414c 100644 --- a/2015/0xxx/CVE-2015-0231.json +++ b/2015/0xxx/CVE-2015-0231.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=68710", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=68710" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185397", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185397" - }, - { - "name" : "https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0040.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0040.html" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "DSA-3195", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3195" - }, - { - "name" : "GLSA-201606-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-10" - }, - { - "name" : "GLSA-201503-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-03" - }, - { - "name" : "HPSBMU03380", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "HPSBUX03337", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143403519711434&w=2" - }, - { - "name" : "SSRT102066", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143403519711434&w=2" - }, - { - "name" : "MDVSA-2015:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079" - }, - { - "name" : "MDVSA-2015:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:032" - }, - { - "name" : "RHSA-2015:1135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1135.html" - }, - { - "name" : "RHSA-2015:1053", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1053.html" - }, - { - "name" : "RHSA-2015:1066", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1066.html" - }, - { - "name" : "SUSE-SU-2015:0365", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html" - }, - { - "name" : "openSUSE-SU-2015:0325", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html" - }, - { - "name" : "72539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2015:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:032" + }, + { + "name": "DSA-3195", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3195" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185397", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185397" + }, + { + "name": "SUSE-SU-2015:0365", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "HPSBMU03380", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "MDVSA-2015:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "SSRT102066", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2" + }, + { + "name": "openSUSE-SU-2015:0325", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd" + }, + { + "name": "RHSA-2015:1135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html" + }, + { + "name": "https://bugs.php.net/bug.php?id=68710", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=68710" + }, + { + "name": "RHSA-2015:1053", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1053.html" + }, + { + "name": "GLSA-201503-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-03" + }, + { + "name": "HPSBUX03337", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0040.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0040.html" + }, + { + "name": "GLSA-201606-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-10" + }, + { + "name": "RHSA-2015:1066", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html" + }, + { + "name": "72539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72539" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0343.json b/2015/0xxx/CVE-2015-0343.json index 4917b7bad6a..a40b6f4f8eb 100644 --- a/2015/0xxx/CVE-2015-0343.json +++ b/2015/0xxx/CVE-2015-0343.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150611 XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 )", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Jun/61" - }, - { - "name" : "20150611 XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 )", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/35" - }, - { - "name" : "http://packetstormsecurity.com/files/132269/Adobe-Connect-9.3-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132269/Adobe-Connect-9.3-Cross-Site-Scripting.html" - }, - { - "name" : "https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved" - }, - { - "name" : "1032567", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150611 XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 )", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/35" + }, + { + "name": "http://packetstormsecurity.com/files/132269/Adobe-Connect-9.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132269/Adobe-Connect-9.3-Cross-Site-Scripting.html" + }, + { + "name": "https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved" + }, + { + "name": "1032567", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032567" + }, + { + "name": "20150611 XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 )", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Jun/61" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0701.json b/2015/0xxx/CVE-2015-0701.json index cd69932048a..b73b5ede44b 100644 --- a/2015/0xxx/CVE-2015-0701.json +++ b/2015/0xxx/CVE-2015-0701.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150506 Cisco UCS Central Software Arbitrary Command Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc" - }, - { - "name" : "74491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74491" - }, - { - "name" : "1032267", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74491" + }, + { + "name": "1032267", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032267" + }, + { + "name": "20150506 Cisco UCS Central Software Arbitrary Command Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0781.json b/2015/0xxx/CVE-2015-0781.json index a489171989a..0d614877d16 100644 --- a/2015/0xxx/CVE-2015-0781.json +++ b/2015/0xxx/CVE-2015-0781.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2015-0781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-151", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-151" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7016431", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7016431" - }, - { - "name" : "74291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7016431", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7016431" + }, + { + "name": "74291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74291" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-151", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-151" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0839.json b/2015/0xxx/CVE-2015-0839.json index edbf8366678..160a6df91d9 100644 --- a/2015/0xxx/CVE-2015-0839.json +++ b/2015/0xxx/CVE-2015-0839.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-0839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150529 [CVE-2015-0839] hp-plugin binary driver verification", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/05/29/2" - }, - { - "name" : "https://bugs.launchpad.net/hplip/+bug/1432516", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/hplip/+bug/1432516" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1227252", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1227252" - }, - { - "name" : "FEDORA-2015-11723", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html" - }, - { - "name" : "FEDORA-2015-11916", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html" - }, - { - "name" : "USN-2699-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2699-1" - }, - { - "name" : "74913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/hplip/+bug/1432516", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/hplip/+bug/1432516" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1227252", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227252" + }, + { + "name": "FEDORA-2015-11916", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html" + }, + { + "name": "[oss-security] 20150529 [CVE-2015-0839] hp-plugin binary driver verification", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/05/29/2" + }, + { + "name": "USN-2699-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2699-1" + }, + { + "name": "FEDORA-2015-11723", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html" + }, + { + "name": "74913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74913" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1244.json b/2015/1xxx/CVE-2015-1244.json index a036b889baa..c41182a5bb2 100644 --- a/2015/1xxx/CVE-2015-1244.json +++ b/2015/1xxx/CVE-2015-1244.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" - }, - { - "name" : "https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010", - "refsource" : "CONFIRM", - "url" : "https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=455215", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=455215" - }, - { - "name" : "DSA-3238", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3238" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "RHSA-2015:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0816.html" - }, - { - "name" : "openSUSE-SU-2015:1887", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" - }, - { - "name" : "USN-2570-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2570-1" - }, - { - "name" : "1032209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=455215", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=455215" + }, + { + "name": "USN-2570-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2570-1" + }, + { + "name": "DSA-3238", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3238" + }, + { + "name": "openSUSE-SU-2015:1887", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "1032209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032209" + }, + { + "name": "https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010", + "refsource": "CONFIRM", + "url": "https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010" + }, + { + "name": "openSUSE-SU-2015:0748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1469.json b/2015/1xxx/CVE-2015-1469.json index 12b63d075f0..718007b2338 100644 --- a/2015/1xxx/CVE-2015-1469.json +++ b/2015/1xxx/CVE-2015-1469.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#522460", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/522460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#522460", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/522460" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1736.json b/2015/1xxx/CVE-2015-1736.json index 5d94a84bc7a..eccbac2b251 100644 --- a/2015/1xxx/CVE-2015-1736.json +++ b/2015/1xxx/CVE-2015-1736.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-253", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-253" - }, - { - "name" : "MS15-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" - }, - { - "name" : "74978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74978" - }, - { - "name" : "1032521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" + }, + { + "name": "74978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74978" + }, + { + "name": "1032521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032521" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-253", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-253" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1834.json b/2015/1xxx/CVE-2015-1834.json index 3ff7e547350..7bd970d1af4 100644 --- a/2015/1xxx/CVE-2015-1834.json +++ b/2015/1xxx/CVE-2015-1834.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2015-1834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Foundry", - "version" : { - "version_data" : [ - { - "version_value" : "cf-release versions prior to v208" - }, - { - "version_value" : "Elastic Runtime versions prior to 1.4.2" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-1834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry", + "version": { + "version_data": [ + { + "version_value": "cf-release versions prior to v208" + }, + { + "version_value": "Elastic Runtime versions prior to 1.4.2" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2015-1834", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2015-1834" - }, - { - "name" : "98691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2015-1834", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2015-1834" + }, + { + "name": "98691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98691" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4051.json b/2015/4xxx/CVE-2015-4051.json index 423fdab40c1..a9facac0b5d 100644 --- a/2015/4xxx/CVE-2015-4051.json +++ b/2015/4xxx/CVE-2015-4051.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150604 [CVE-2015-4051]: Beckhoff IPC diagnostics < 1.8 : Authentication bypass", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/10" - }, - { - "name" : "http://www.thesecurityfactory.be/permalink/beckhoff-authentication-bypass.html", - "refsource" : "MISC", - "url" : "http://www.thesecurityfactory.be/permalink/beckhoff-authentication-bypass.html" - }, - { - "name" : "http://packetstormsecurity.com/files/134071/Beckoff-CX9020-CPU-Model-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134071/Beckoff-CX9020-CPU-Model-Remote-Code-Execution.html" - }, - { - "name" : "http://packetstormsecurity.com/files/132168/Beckhoff-IPC-Diagnositcs-Authentication-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132168/Beckhoff-IPC-Diagnositcs-Authentication-Bypass.html" - }, - { - "name" : "http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf", - "refsource" : "CONFIRM", - "url" : "http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf" - }, - { - "name" : "75042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132168/Beckhoff-IPC-Diagnositcs-Authentication-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132168/Beckhoff-IPC-Diagnositcs-Authentication-Bypass.html" + }, + { + "name": "http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf", + "refsource": "CONFIRM", + "url": "http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf" + }, + { + "name": "http://packetstormsecurity.com/files/134071/Beckoff-CX9020-CPU-Model-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134071/Beckoff-CX9020-CPU-Model-Remote-Code-Execution.html" + }, + { + "name": "20150604 [CVE-2015-4051]: Beckhoff IPC diagnostics < 1.8 : Authentication bypass", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/10" + }, + { + "name": "75042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75042" + }, + { + "name": "http://www.thesecurityfactory.be/permalink/beckhoff-authentication-bypass.html", + "refsource": "MISC", + "url": "http://www.thesecurityfactory.be/permalink/beckhoff-authentication-bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4170.json b/2015/4xxx/CVE-2015-4170.json index fd07c5a4e78..e7ed9715246 100644 --- a/2015/4xxx/CVE-2015-4170.json +++ b/2015/4xxx/CVE-2015-4170.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150526 CVE request: vulnerability in the kernel tty subsystem.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/05/26/1" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218879", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218879" - }, - { - "name" : "https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/next/patch-v3.13-rc4-next-20131218.xz", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/next/patch-v3.13-rc4-next-20131218.xz" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "RHSA-2016:1395", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1395" - }, - { - "name" : "74820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1218879", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218879" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae" + }, + { + "name": "[oss-security] 20150526 CVE request: vulnerability in the kernel tty subsystem.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/05/26/1" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/next/patch-v3.13-rc4-next-20131218.xz", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/next/patch-v3.13-rc4-next-20131218.xz" + }, + { + "name": "RHSA-2016:1395", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1395" + }, + { + "name": "74820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74820" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4217.json b/2015/4xxx/CVE-2015-4217.json index 2efa091a64d..25e391236d1 100644 --- a/2015/4xxx/CVE-2015-4217.json +++ b/2015/4xxx/CVE-2015-4217.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150625 Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39461" - }, - { - "name" : "20150625 Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport" - }, - { - "name" : "75418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75418" - }, - { - "name" : "1032725", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032725" - }, - { - "name" : "1032726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150625 Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport" + }, + { + "name": "1032725", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032725" + }, + { + "name": "20150625 Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39461" + }, + { + "name": "1032726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032726" + }, + { + "name": "75418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75418" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4311.json b/2015/4xxx/CVE-2015-4311.json index 52ea9d2491d..3d78650db1a 100644 --- a/2015/4xxx/CVE-2015-4311.json +++ b/2015/4xxx/CVE-2015-4311.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4311", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4311", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4573.json b/2015/4xxx/CVE-2015-4573.json index de534725477..99a1f0f1989 100644 --- a/2015/4xxx/CVE-2015-4573.json +++ b/2015/4xxx/CVE-2015-4573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8058.json b/2015/8xxx/CVE-2015-8058.json index e34e5b3ee35..6c77ce08331 100644 --- a/2015/8xxx/CVE-2015-8058.json +++ b/2015/8xxx/CVE-2015-8058.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8631.json b/2015/8xxx/CVE-2015-8631.json index 4cea49abc33..a83f00f8a49 100644 --- a/2015/8xxx/CVE-2015-8631.json +++ b/2015/8xxx/CVE-2015-8631.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343", - "refsource" : "CONFIRM", - "url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343" - }, - { - "name" : "https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2", - "refsource" : "CONFIRM", - "url" : "https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3466", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3466" - }, - { - "name" : "RHSA-2016:0493", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0493.html" - }, - { - "name" : "RHSA-2016:0532", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0532.html" - }, - { - "name" : "openSUSE-SU-2016:0406", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html" - }, - { - "name" : "openSUSE-SU-2016:0501", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html" - }, - { - "name" : "1034916", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3466", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3466" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "openSUSE-SU-2016:0406", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html" + }, + { + "name": "1034916", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034916" + }, + { + "name": "RHSA-2016:0493", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0493.html" + }, + { + "name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343", + "refsource": "CONFIRM", + "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343" + }, + { + "name": "https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2", + "refsource": "CONFIRM", + "url": "https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2" + }, + { + "name": "RHSA-2016:0532", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0532.html" + }, + { + "name": "openSUSE-SU-2016:0501", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8728.json b/2015/8xxx/CVE-2015-8728.json index a17d2dc0c31..1f51ea84eae 100644 --- a/2015/8xxx/CVE-2015-8728.json +++ b/2015/8xxx/CVE-2015-8728.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2015-46.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2015-46.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=15edc8d714b11dcff3a04e5d00b8db9adfdb81ed", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=15edc8d714b11dcff3a04e5d00b8db9adfdb81ed" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-3505", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3505" - }, - { - "name" : "GLSA-201604-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-05" - }, - { - "name" : "79382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79382" - }, - { - "name" : "1034551", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2015-46.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2015-46.html" + }, + { + "name": "79382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79382" + }, + { + "name": "DSA-3505", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3505" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=15edc8d714b11dcff3a04e5d00b8db9adfdb81ed", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=15edc8d714b11dcff3a04e5d00b8db9adfdb81ed" + }, + { + "name": "GLSA-201604-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-05" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797" + }, + { + "name": "1034551", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034551" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8850.json b/2015/8xxx/CVE-2015-8850.json index d8a1fcd26bf..d2065e58422 100644 --- a/2015/8xxx/CVE-2015-8850.json +++ b/2015/8xxx/CVE-2015-8850.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8850", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8850", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5046.json b/2016/5xxx/CVE-2016-5046.json index 3c968b1c40b..70beeab1ca6 100644 --- a/2016/5xxx/CVE-2016-5046.json +++ b/2016/5xxx/CVE-2016-5046.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2072.json b/2018/2xxx/CVE-2018-2072.json index f0b86771555..6aa025c1535 100644 --- a/2018/2xxx/CVE-2018-2072.json +++ b/2018/2xxx/CVE-2018-2072.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2072", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2072", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2356.json b/2018/2xxx/CVE-2018-2356.json index 70b260bf3ad..152ebc5cbe0 100644 --- a/2018/2xxx/CVE-2018-2356.json +++ b/2018/2xxx/CVE-2018-2356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2356", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2356", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3849.json b/2018/3xxx/CVE-2018-3849.json index 6856a8c16d5..a51f33e6ce8 100644 --- a/2018/3xxx/CVE-2018-3849.json +++ b/2018/3xxx/CVE-2018-3849.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-12T00:00:00", - "ID" : "CVE-2018-3849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NASA CFITSIO", - "version" : { - "version_data" : [ - { - "version_value" : "NASA CFITSIO 3.42" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-12T00:00:00", + "ID": "CVE-2018-3849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NASA CFITSIO", + "version": { + "version_data": [ + { + "version_value": "NASA CFITSIO 3.42" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6155.json b/2018/6xxx/CVE-2018-6155.json index 171f76cd927..a5b0a58f5c6 100644 --- a/2018/6xxx/CVE-2018-6155.json +++ b/2018/6xxx/CVE-2018-6155.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6155", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6155", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6210.json b/2018/6xxx/CVE-2018-6210.json index 9ccb72f90e8..29c24a5d500 100644 --- a/2018/6xxx/CVE-2018-6210.json +++ b/2018/6xxx/CVE-2018-6210.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securelist.com/backdoors-in-d-links-backyard/85530/", - "refsource" : "MISC", - "url" : "https://securelist.com/backdoors-in-d-links-backyard/85530/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securelist.com/backdoors-in-d-links-backyard/85530/", + "refsource": "MISC", + "url": "https://securelist.com/backdoors-in-d-links-backyard/85530/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6492.json b/2018/6xxx/CVE-2018-6492.json index 26cd2140a3a..20c6649f534 100644 --- a/2018/6xxx/CVE-2018-6492.json +++ b/2018/6xxx/CVE-2018-6492.json @@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2018-05-09T19:01:00.000Z", - "ID" : "CVE-2018-6492", - "STATE" : "PUBLIC", - "TITLE" : "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-05-09T19:01:00.000Z", + "ID": "CVE-2018-6492", + "STATE": "PUBLIC", + "TITLE": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Operations Management Ultimate", + "version": { + "version_data": [ + { + "version_value": "2017.07, 2017.11, 2018.02" + } + ] + } + }, + { + "product_name": "Network Automation", + "version": { + "version_data": [ + { + "version_value": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Network Operations Management Ultimate", - "version" : { - "version_data" : [ - { - "version_value" : "2017.07, 2017.11, 2018.02" - } - ] - } - }, - { - "product_name" : "Network Automation", - "version" : { - "version_data" : [ - { - "version_value" : "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" + "lang": "eng", + "value": "Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection." } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Remote Cross-Site Scripting (XSS)" - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 4.7, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Cross-Site Scripting (XSS)" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "non-persistent HTML Injection" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014" - }, - { - "name" : "104131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104131" - }, - { - "name" : "1040900", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040900" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Remote Cross-Site Scripting (XSS)" + } + ], + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Cross-Site Scripting (XSS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "non-persistent HTML Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014" + }, + { + "name": "1040900", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040900" + }, + { + "name": "104131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104131" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6889.json b/2018/6xxx/CVE-2018-6889.json index 0d7cb5007d0..21889a96c64 100644 --- a/2018/6xxx/CVE-2018-6889.json +++ b/2018/6xxx/CVE-2018-6889.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44028", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44028/" - }, - { - "name" : "https://securitywarrior9.blogspot.in/2018/02/host-header-injection-type-setter-cms-51.html", - "refsource" : "MISC", - "url" : "https://securitywarrior9.blogspot.in/2018/02/host-header-injection-type-setter-cms-51.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securitywarrior9.blogspot.in/2018/02/host-header-injection-type-setter-cms-51.html", + "refsource": "MISC", + "url": "https://securitywarrior9.blogspot.in/2018/02/host-header-injection-type-setter-cms-51.html" + }, + { + "name": "44028", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44028/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6999.json b/2018/6xxx/CVE-2018-6999.json index 445f56e64a8..ee0dad7a5ad 100644 --- a/2018/6xxx/CVE-2018-6999.json +++ b/2018/6xxx/CVE-2018-6999.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6999", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-6999", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7029.json b/2018/7xxx/CVE-2018-7029.json index 85645ed7deb..23bc66e4749 100644 --- a/2018/7xxx/CVE-2018-7029.json +++ b/2018/7xxx/CVE-2018-7029.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7029", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7029", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7460.json b/2018/7xxx/CVE-2018-7460.json index ca89a62ca9d..3bdf084895e 100644 --- a/2018/7xxx/CVE-2018-7460.json +++ b/2018/7xxx/CVE-2018-7460.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7460", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7460", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7889.json b/2018/7xxx/CVE-2018-7889.json index 2886cb9b9c4..a18559bff88 100644 --- a/2018/7xxx/CVE-2018-7889.json +++ b/2018/7xxx/CVE-2018-7889.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/calibre/+bug/1753870", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/calibre/+bug/1753870" - }, - { - "name" : "https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d", - "refsource" : "CONFIRM", - "url" : "https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/calibre/+bug/1753870", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/calibre/+bug/1753870" + }, + { + "name": "https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d", + "refsource": "CONFIRM", + "url": "https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5093.json b/2019/5xxx/CVE-2019-5093.json index 68d0b42c7eb..36dd7b7c479 100644 --- a/2019/5xxx/CVE-2019-5093.json +++ b/2019/5xxx/CVE-2019-5093.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5093", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5093", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5140.json b/2019/5xxx/CVE-2019-5140.json index 44509eaa1d0..7d5b73f1b2e 100644 --- a/2019/5xxx/CVE-2019-5140.json +++ b/2019/5xxx/CVE-2019-5140.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5140", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5140", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5664.json b/2019/5xxx/CVE-2019-5664.json index 80a92d9f5d4..dfee63e2748 100644 --- a/2019/5xxx/CVE-2019-5664.json +++ b/2019/5xxx/CVE-2019-5664.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5664", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5664", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5943.json b/2019/5xxx/CVE-2019-5943.json index 295a273e6a8..02e82b3990d 100644 --- a/2019/5xxx/CVE-2019-5943.json +++ b/2019/5xxx/CVE-2019-5943.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5943", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5943", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file