From a513ce8e1ef4432fb0267bfccdecde96d4097f14 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:53:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1029.json | 140 +++++++-------- 1999/1xxx/CVE-1999-1165.json | 140 +++++++-------- 1999/1xxx/CVE-1999-1350.json | 120 ++++++------- 1999/1xxx/CVE-1999-1482.json | 120 ++++++------- 2000/0xxx/CVE-2000-0276.json | 130 +++++++------- 2000/0xxx/CVE-2000-0944.json | 140 +++++++-------- 2000/0xxx/CVE-2000-0979.json | 160 ++++++++--------- 2000/1xxx/CVE-2000-1240.json | 130 +++++++------- 2005/2xxx/CVE-2005-2104.json | 220 +++++++++++------------ 2005/2xxx/CVE-2005-2215.json | 150 ++++++++-------- 2005/2xxx/CVE-2005-2488.json | 160 ++++++++--------- 2005/2xxx/CVE-2005-2509.json | 140 +++++++-------- 2005/2xxx/CVE-2005-2633.json | 140 +++++++-------- 2005/3xxx/CVE-2005-3073.json | 170 +++++++++--------- 2005/3xxx/CVE-2005-3245.json | 260 +++++++++++++-------------- 2005/3xxx/CVE-2005-3633.json | 200 ++++++++++----------- 2005/3xxx/CVE-2005-3934.json | 170 +++++++++--------- 2005/4xxx/CVE-2005-4258.json | 130 +++++++------- 2005/4xxx/CVE-2005-4362.json | 150 ++++++++-------- 2005/4xxx/CVE-2005-4496.json | 160 ++++++++--------- 2009/2xxx/CVE-2009-2075.json | 160 ++++++++--------- 2009/2xxx/CVE-2009-2134.json | 140 +++++++-------- 2009/2xxx/CVE-2009-2504.json | 140 +++++++-------- 2009/2xxx/CVE-2009-2981.json | 170 +++++++++--------- 2009/3xxx/CVE-2009-3111.json | 240 ++++++++++++------------- 2009/3xxx/CVE-2009-3488.json | 150 ++++++++-------- 2009/3xxx/CVE-2009-3787.json | 150 ++++++++-------- 2009/3xxx/CVE-2009-3819.json | 130 +++++++------- 2009/4xxx/CVE-2009-4341.json | 140 +++++++-------- 2009/4xxx/CVE-2009-4368.json | 170 +++++++++--------- 2015/0xxx/CVE-2015-0431.json | 160 ++++++++--------- 2015/0xxx/CVE-2015-0509.json | 130 +++++++------- 2015/0xxx/CVE-2015-0654.json | 130 +++++++------- 2015/0xxx/CVE-2015-0976.json | 120 ++++++------- 2015/1xxx/CVE-2015-1086.json | 160 ++++++++--------- 2015/1xxx/CVE-2015-1262.json | 200 ++++++++++----------- 2015/1xxx/CVE-2015-1787.json | 270 ++++++++++++++-------------- 2015/1xxx/CVE-2015-1830.json | 160 ++++++++--------- 2015/1xxx/CVE-2015-1860.json | 240 ++++++++++++------------- 2015/4xxx/CVE-2015-4006.json | 34 ++-- 2015/4xxx/CVE-2015-4240.json | 130 +++++++------- 2015/4xxx/CVE-2015-4286.json | 130 +++++++------- 2015/4xxx/CVE-2015-4690.json | 34 ++-- 2015/9xxx/CVE-2015-9251.json | 210 +++++++++++----------- 2018/2xxx/CVE-2018-2473.json | 156 ++++++++--------- 2018/2xxx/CVE-2018-2484.json | 328 +++++++++++++++++------------------ 2018/2xxx/CVE-2018-2683.json | 148 ++++++++-------- 2018/3xxx/CVE-2018-3183.json | 268 ++++++++++++++-------------- 2018/6xxx/CVE-2018-6102.json | 172 +++++++++--------- 2018/6xxx/CVE-2018-6142.json | 34 ++-- 2018/6xxx/CVE-2018-6328.json | 150 ++++++++-------- 2018/6xxx/CVE-2018-6870.json | 120 ++++++------- 2018/7xxx/CVE-2018-7462.json | 34 ++-- 2018/7xxx/CVE-2018-7521.json | 132 +++++++------- 2018/7xxx/CVE-2018-7827.json | 34 ++-- 2018/7xxx/CVE-2018-7838.json | 34 ++-- 56 files changed, 4219 insertions(+), 4219 deletions(-) diff --git a/1999/1xxx/CVE-1999-1029.json b/1999/1xxx/CVE-1999-1029.json index f53b121a5ac..fa91444690e 100644 --- a/1999/1xxx/CVE-1999-1029.json +++ b/1999/1xxx/CVE-1999-1029.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990513 - J.J.F. / Hackers Team warns for SSHD 2.x brute force password hacking", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=92663402004280&w=2" - }, - { - "name" : "277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/277" - }, - { - "name" : "ssh2-bruteforce(2193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ssh2-bruteforce(2193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2193" + }, + { + "name": "19990513 - J.J.F. / Hackers Team warns for SSHD 2.x brute force password hacking", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=92663402004280&w=2" + }, + { + "name": "277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/277" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1165.json b/1999/1xxx/CVE-1999-1165.json index 9ada67c4f29..4686a5a0f56 100644 --- a/1999/1xxx/CVE-1999-1165.json +++ b/1999/1xxx/CVE-1999-1165.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990721 old gnu finger bugs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93268249021561&w=2" - }, - { - "name" : "19950317 GNU finger 1.37 executes ~/.fingerrc with gid root", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/2478" - }, - { - "name" : "535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/535" + }, + { + "name": "19990721 old gnu finger bugs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93268249021561&w=2" + }, + { + "name": "19950317 GNU finger 1.37 executes ~/.fingerrc with gid root", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/2478" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1350.json b/1999/1xxx/CVE-1999-1350.json index cc0702ac63b..27cade0a276 100644 --- a/1999/1xxx/CVE-1999-1350.json +++ b/1999/1xxx/CVE-1999-1350.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ARCAD Systemhaus 0.078-5 installs critical programs and files with world-writeable permissions, which could allow local users to gain privileges by replacing a program with a Trojan horse." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990929 Multiple Vendor ARCAD permission problems", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93871933521519&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ARCAD Systemhaus 0.078-5 installs critical programs and files with world-writeable permissions, which could allow local users to gain privileges by replacing a program with a Trojan horse." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990929 Multiple Vendor ARCAD permission problems", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93871933521519&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1482.json b/1999/1xxx/CVE-1999-1482.json index e733153b8b7..22c5844b7ad 100644 --- a/1999/1xxx/CVE-1999-1482.json +++ b/1999/1xxx/CVE-1999-1482.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SVGAlib zgv 3.0-7 and earlier allows local users to gain root access via a privilege leak of the iopl(3) privileges to child processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990219 Security hole: \"zgv\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-02-15&msg=Pine.LNX.3.96.990219175605.9622A-100000@ferret.lmh.ox.ac.uk" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SVGAlib zgv 3.0-7 and earlier allows local users to gain root access via a privilege leak of the iopl(3) privileges to child processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990219 Security hole: \"zgv\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-02-15&msg=Pine.LNX.3.96.990219175605.9622A-100000@ferret.lmh.ox.ac.uk" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0276.json b/2000/0xxx/CVE-2000-0276.json index 1f5707585ae..124491f8abd 100644 --- a/2000/0xxx/CVE-2000-0276.json +++ b/2000/0xxx/CVE-2000-0276.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000410 BeOS syscall bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com" - }, - { - "name" : "1098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1098" + }, + { + "name": "20000410 BeOS syscall bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0944.json b/2000/0xxx/CVE-2000-0944.json index c36289e9ff5..24909bab820 100644 --- a/2000/0xxx/CVE-2000-0944.json +++ b/2000/0xxx/CVE-2000-0944.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001027 CGI-Bug: News Update 1.1 administration password bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html" - }, - { - "name" : "1881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1881" - }, - { - "name" : "news-update-bypass-password(5433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001027 CGI-Bug: News Update 1.1 administration password bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html" + }, + { + "name": "1881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1881" + }, + { + "name": "news-update-bypass-password(5433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5433" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0979.json b/2000/0xxx/CVE-2000-0979.json index 85edc55d6d8..a1779927834 100644 --- a/2000/0xxx/CVE-2000-0979.json +++ b/2000/0xxx/CVE-2000-0979.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the \"Share Level Password\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97147777618139&w=2" - }, - { - "name" : "MS00-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-072" - }, - { - "name" : "1780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1780" - }, - { - "name" : "win9x-share-level-password(5395)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5395" - }, - { - "name" : "oval:org.mitre.oval:def:996", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the \"Share Level Password\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS00-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-072" + }, + { + "name": "win9x-share-level-password(5395)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5395" + }, + { + "name": "1780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1780" + }, + { + "name": "20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97147777618139&w=2" + }, + { + "name": "oval:org.mitre.oval:def:996", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A996" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1240.json b/2000/1xxx/CVE-2000-1240.json index 082b3563a60..7c1535b8410 100644 --- a/2000/1xxx/CVE-2000-1240.json +++ b/2000/1xxx/CVE-2000-1240.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23983", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23983" - }, - { - "name" : "anyportalphp-siteman-information-disclosure(25441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "anyportalphp-siteman-information-disclosure(25441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25441" + }, + { + "name": "23983", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23983" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2104.json b/2005/2xxx/CVE-2005-2104.json index 89451af6b2b..b2c8f1e9450 100644 --- a/2005/2xxx/CVE-2005-2104.json +++ b/2005/2xxx/CVE-2005-2104.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162978", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162978" - }, - { - "name" : "FEDORA-2005-1071", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00034.html" - }, - { - "name" : "FEDORA-2005-1072", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00035.html" - }, - { - "name" : "RHSA-2005:598", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-598.html" - }, - { - "name" : "15379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15379" - }, - { - "name" : "18682", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18682" - }, - { - "name" : "oval:org.mitre.oval:def:9411", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9411" - }, - { - "name" : "1014653", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014653" - }, - { - "name" : "16381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16381" - }, - { - "name" : "17539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17539" - }, - { - "name" : "sysreport-race-condition(21770)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16381" + }, + { + "name": "18682", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18682" + }, + { + "name": "17539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17539" + }, + { + "name": "oval:org.mitre.oval:def:9411", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9411" + }, + { + "name": "FEDORA-2005-1071", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00034.html" + }, + { + "name": "sysreport-race-condition(21770)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21770" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162978", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162978" + }, + { + "name": "1014653", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014653" + }, + { + "name": "15379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15379" + }, + { + "name": "RHSA-2005:598", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-598.html" + }, + { + "name": "FEDORA-2005-1072", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00035.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2215.json b/2005/2xxx/CVE-2005-2215.json index e8ca413e53d..a4ac7674b45 100644 --- a/2005/2xxx/CVE-2005-2215.json +++ b/2005/2xxx/CVE-2005-2215.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=340290", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=340290" - }, - { - "name" : "SUSE-SR:2005:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_19_sr.html" - }, - { - "name" : "14181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14181" - }, - { - "name" : "15950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2005:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=340290", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=340290" + }, + { + "name": "14181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14181" + }, + { + "name": "15950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15950" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2488.json b/2005/2xxx/CVE-2005-2488.json index 2ae883712de..e306f5e993b 100644 --- a/2005/2xxx/CVE-2005-2488.json +++ b/2005/2xxx/CVE-2005-2488.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rgod.altervista.org/webc.html", - "refsource" : "MISC", - "url" : "http://www.rgod.altervista.org/webc.html" - }, - { - "name" : "14464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14464" - }, - { - "name" : "1014616", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014616" - }, - { - "name" : "16317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16317" - }, - { - "name" : "webcms-multiple-script-xss(21689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rgod.altervista.org/webc.html", + "refsource": "MISC", + "url": "http://www.rgod.altervista.org/webc.html" + }, + { + "name": "16317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16317" + }, + { + "name": "14464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14464" + }, + { + "name": "webcms-multiple-script-xss(21689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21689" + }, + { + "name": "1014616", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014616" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2509.json b/2005/2xxx/CVE-2005-2509.json index a33614228e9..ecbe5cd0fc1 100644 --- a/2005/2xxx/CVE-2005-2509.json +++ b/2005/2xxx/CVE-2005-2509.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "1014704", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014704", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014704" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2633.json b/2005/2xxx/CVE-2005-2633.json index a817d686314..db441ac0910 100644 --- a/2005/2xxx/CVE-2005-2633.json +++ b/2005/2xxx/CVE-2005-2633.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050817 PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112431407619802&w=2" - }, - { - "name" : "14592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14592" - }, - { - "name" : "16492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050817 PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112431407619802&w=2" + }, + { + "name": "16492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16492" + }, + { + "name": "14592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14592" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3073.json b/2005/3xxx/CVE-2005-3073.json index 7960ae3d25a..1887ec120be 100644 --- a/2005/3xxx/CVE-2005-3073.json +++ b/2005/3xxx/CVE-2005-3073.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) \"mike\", (2) \"standard\", or (3) \"foundation\" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[interchange-announce] 20050922 Important: Security flaw found in Interchange demo catalog.", - "refsource" : "MLIST", - "url" : "http://www.icdevgroup.org/pipermail/interchange-announce/2005/000049.html" - }, - { - "name" : "[interchange-announce] 20050923 Important: Security flaw found in Interchange demo - Addendum", - "refsource" : "MLIST", - "url" : "http://www.icdevgroup.org/pipermail/interchange-announce/2005/000050.html" - }, - { - "name" : "14931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14931" - }, - { - "name" : "19653", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19653" - }, - { - "name" : "16923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16923" - }, - { - "name" : "interchange-submit-itl-injection(22387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) \"mike\", (2) \"standard\", or (3) \"foundation\" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "interchange-submit-itl-injection(22387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22387" + }, + { + "name": "14931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14931" + }, + { + "name": "16923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16923" + }, + { + "name": "[interchange-announce] 20050922 Important: Security flaw found in Interchange demo catalog.", + "refsource": "MLIST", + "url": "http://www.icdevgroup.org/pipermail/interchange-announce/2005/000049.html" + }, + { + "name": "[interchange-announce] 20050923 Important: Security flaw found in Interchange demo - Addendum", + "refsource": "MLIST", + "url": "http://www.icdevgroup.org/pipermail/interchange-announce/2005/000050.html" + }, + { + "name": "19653", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19653" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3245.json b/2005/3xxx/CVE-2005-3245.json index 81d2e065b33..f99069cd7e3 100644 --- a/2005/3xxx/CVE-2005-3245.json +++ b/2005/3xxx/CVE-2005-3245.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the \"Dissect unknown RPC program numbers\" option is enabled, allows remote attackers to cause a denial of service (memory consumption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "GLSA-200510-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml" - }, - { - "name" : "RHSA-2005:809", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-809.html" - }, - { - "name" : "SUSE-SR:2005:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html" - }, - { - "name" : "15148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15148" - }, - { - "name" : "20129", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20129" - }, - { - "name" : "oval:org.mitre.oval:def:11060", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11060" - }, - { - "name" : "1015082", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015082" - }, - { - "name" : "17377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17377" - }, - { - "name" : "17254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17254" - }, - { - "name" : "17286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17286" - }, - { - "name" : "17327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17327" - }, - { - "name" : "17392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17392" - }, - { - "name" : "17480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the \"Dissect unknown RPC program numbers\" option is enabled, allows remote attackers to cause a denial of service (memory consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:809", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-809.html" + }, + { + "name": "17327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17327" + }, + { + "name": "GLSA-200510-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml" + }, + { + "name": "17392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17392" + }, + { + "name": "17480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17480" + }, + { + "name": "1015082", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015082" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00021.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html" + }, + { + "name": "SUSE-SR:2005:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" + }, + { + "name": "17286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17286" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "17377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17377" + }, + { + "name": "15148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15148" + }, + { + "name": "20129", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20129" + }, + { + "name": "oval:org.mitre.oval:def:11060", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11060" + }, + { + "name": "17254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17254" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3633.json b/2005/3xxx/CVE-2005-3633.json index 6ad8543418c..89b9c28791e 100644 --- a/2005/3xxx/CVE-2005-3633.json +++ b/2005/3xxx/CVE-2005-3633.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113156438708932&w=2" - }, - { - "name" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf" - }, - { - "name" : "15360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15360/" - }, - { - "name" : "ADV-2005-2361", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2361" - }, - { - "name" : "20714", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20714" - }, - { - "name" : "1015174", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" - }, - { - "name" : "17515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17515/" - }, - { - "name" : "164", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/164" - }, - { - "name" : "sap-sapexiturl-response-splitting(23030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051109 CYBSEC - Security Advisory: HTTP Response Splitting in SAP WAS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113156438708932&w=2" + }, + { + "name": "sap-sapexiturl-response-splitting(23030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23030" + }, + { + "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_HTTP_Response_Splitting_in_SAP_WAS.pdf" + }, + { + "name": "164", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/164" + }, + { + "name": "20714", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20714" + }, + { + "name": "17515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17515/" + }, + { + "name": "1015174", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" + }, + { + "name": "ADV-2005-2361", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2361" + }, + { + "name": "15360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15360/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3934.json b/2005/3xxx/CVE-2005-3934.json index 0aa8de8baf8..f4f4102849e 100644 --- a/2005/3xxx/CVE-2005-3934.json +++ b/2005/3xxx/CVE-2005-3934.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/avcenter/security/Content/2005.11.29.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2005.11.29.html" - }, - { - "name" : "15646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15646" - }, - { - "name" : "ADV-2005-2658", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2658" - }, - { - "name" : "1015284", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015284" - }, - { - "name" : "17797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17797" - }, - { - "name" : "symantec-pcanywhere-bo(23298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17797" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2005.11.29.html" + }, + { + "name": "15646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15646" + }, + { + "name": "1015284", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015284" + }, + { + "name": "ADV-2005-2658", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2658" + }, + { + "name": "symantec-pcanywhere-bo(23298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23298" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4258.json b/2005/4xxx/CVE-2005-4258.json index 2f46c39d815..a579bdf3aaf 100644 --- a/2005/4xxx/CVE-2005-4258.json +++ b/2005/4xxx/CVE-2005-4258.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15864" - }, - { - "name" : "cisco-catalyst-land-dos(44543)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-catalyst-land-dos(44543)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44543" + }, + { + "name": "15864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15864" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4362.json b/2005/4xxx/CVE-2005-4362.json index fb099aa1636..3e6005a16fe 100644 --- a/2005/4xxx/CVE-2005-4362.json +++ b/2005/4xxx/CVE-2005-4362.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/komodo-cms-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/komodo-cms-vuln.html" - }, - { - "name" : "15966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15966" - }, - { - "name" : "ADV-2005-2993", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2993" - }, - { - "name" : "18120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15966" + }, + { + "name": "18120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18120" + }, + { + "name": "ADV-2005-2993", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2993" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/komodo-cms-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/komodo-cms-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4496.json b/2005/4xxx/CVE-2005-4496.json index 83b1ffab49d..ca6fbcc31a2 100644 --- a/2005/4xxx/CVE-2005-4496.json +++ b/2005/4xxx/CVE-2005-4496.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search_query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/syntaxcms-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/syntaxcms-xss-vuln.html" - }, - { - "name" : "16033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16033" - }, - { - "name" : "ADV-2005-3054", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3054" - }, - { - "name" : "21859", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21859" - }, - { - "name" : "18207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search_query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-3054", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3054" + }, + { + "name": "21859", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21859" + }, + { + "name": "18207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18207" + }, + { + "name": "16033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16033" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/syntaxcms-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/syntaxcms-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2075.json b/2009/2xxx/CVE-2009-2075.json index e4e487a60cc..6c1739c47db 100644 --- a/2009/2xxx/CVE-2009-2075.json +++ b/2009/2xxx/CVE-2009-2075.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/488092", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/488092" - }, - { - "name" : "http://drupal.org/node/488102", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/488102" - }, - { - "name" : "http://drupal.org/node/488104", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/488104" - }, - { - "name" : "35305", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35305" - }, - { - "name" : "35424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35424" + }, + { + "name": "http://drupal.org/node/488092", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/488092" + }, + { + "name": "35305", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35305" + }, + { + "name": "http://drupal.org/node/488104", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/488104" + }, + { + "name": "http://drupal.org/node/488102", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/488102" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2134.json b/2009/2xxx/CVE-2009-2134.json index 85575f77bfd..f6b07e57519 100644 --- a/2009/2xxx/CVE-2009-2134.json +++ b/2009/2xxx/CVE-2009-2134.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090612 [InterN0T] Pivot 1.40.4-7 - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504300/100/0/threaded" - }, - { - "name" : "8941", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8941" - }, - { - "name" : "http://forum.intern0t.net/intern0t-advisories/1119-intern0t-pivot-1-40-4-7-multiple-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://forum.intern0t.net/intern0t-advisories/1119-intern0t-pivot-1-40-4-7-multiple-vulnerabilities.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8941", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8941" + }, + { + "name": "http://forum.intern0t.net/intern0t-advisories/1119-intern0t-pivot-1-40-4-7-multiple-vulnerabilities.html", + "refsource": "MISC", + "url": "http://forum.intern0t.net/intern0t-advisories/1119-intern0t-pivot-1-40-4-7-multiple-vulnerabilities.html" + }, + { + "name": "20090612 [InterN0T] Pivot 1.40.4-7 - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504300/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2504.json b/2009/2xxx/CVE-2009-2504.json index 5c01742c36b..80c3b6736c8 100644 --- a/2009/2xxx/CVE-2009-2504.json +++ b/2009/2xxx/CVE-2009-2504.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-2504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-062", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062" - }, - { - "name" : "TA09-286A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6282", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6282", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282" + }, + { + "name": "TA09-286A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" + }, + { + "name": "MS09-062", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2981.json b/2009/2xxx/CVE-2009-2981.json index 46f92aac762..9e78b0a0b49 100644 --- a/2009/2xxx/CVE-2009-2981.json +++ b/2009/2xxx/CVE-2009-2981.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html" - }, - { - "name" : "TA09-286B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286B.html" - }, - { - "name" : "36638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36638" - }, - { - "name" : "oval:org.mitre.oval:def:6284", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6284" - }, - { - "name" : "1023007", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023007" - }, - { - "name" : "ADV-2009-2898", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36638" + }, + { + "name": "TA09-286B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html" + }, + { + "name": "1023007", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023007" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html" + }, + { + "name": "oval:org.mitre.oval:def:6284", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6284" + }, + { + "name": "ADV-2009-2898", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2898" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3111.json b/2009/3xxx/CVE-2009-3111.json index 41ec984bab5..3a3fa4f2ba2 100644 --- a/2009/3xxx/CVE-2009-3111.json +++ b/2009/3xxx/CVE-2009-3111.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "[freeradius-users] 20090909 Version 1.1.8 has been released", - "refsource" : "MLIST", - "url" : "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html" - }, - { - "name" : "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/09/1" - }, - { - "name" : "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4", - "refsource" : "CONFIRM", - "url" : "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4" - }, - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "RHSA-2009:1451", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1451.html" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" - }, - { - "name" : "36263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36263" - }, - { - "name" : "oval:org.mitre.oval:def:9919", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919" - }, - { - "name" : "36509", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36509" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36263" + }, + { + "name": "SUSE-SR:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" + }, + { + "name": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4", + "refsource": "CONFIRM", + "url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4" + }, + { + "name": "[freeradius-users] 20090909 Version 1.1.8 has been released", + "refsource": "MLIST", + "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html" + }, + { + "name": "36509", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36509" + }, + { + "name": "oval:org.mitre.oval:def:9919", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/09/1" + }, + { + "name": "RHSA-2009:1451", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3488.json b/2009/3xxx/CVE-2009-3488.json index e44ac6e5d4b..c853601487a 100644 --- a/2009/3xxx/CVE-2009-3488.json +++ b/2009/3xxx/CVE-2009-3488.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090925 Drupal Bibliography 6.x-1.6 XSS Vuln", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2009/Sep/0373.html" - }, - { - "name" : "36521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36521" - }, - { - "name" : "36834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36834" - }, - { - "name" : "bibliography-title-xss(53483)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36521" + }, + { + "name": "36834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36834" + }, + { + "name": "bibliography-title-xss(53483)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53483" + }, + { + "name": "20090925 Drupal Bibliography 6.x-1.6 XSS Vuln", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2009/Sep/0373.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3787.json b/2009/3xxx/CVE-2009-3787.json index 55163ea3df8..c3596726fa7 100644 --- a/2009/3xxx/CVE-2009-3787.json +++ b/2009/3xxx/CVE-2009-3787.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with \"logs/\" in between two . (dot) characters, which is filtered into a \"../\" sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091021 [waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507358/100/0/threaded" - }, - { - "name" : "http://www.waraxe.us/advisory-75.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-75.html" - }, - { - "name" : "36783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36783" - }, - { - "name" : "37117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with \"logs/\" in between two . (dot) characters, which is filtered into a \"../\" sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091021 [waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507358/100/0/threaded" + }, + { + "name": "37117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37117" + }, + { + "name": "36783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36783" + }, + { + "name": "http://www.waraxe.us/advisory-75.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-75.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3819.json b/2009/3xxx/CVE-2009-3819.json index caec1d8a74a..64646d02783 100644 --- a/2009/3xxx/CVE-2009-3819.json +++ b/2009/3xxx/CVE-2009-3819.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/" - }, - { - "name" : "37095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37095" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4341.json b/2009/4xxx/CVE-2009-4341.json index 54ca0883a51..038cdb1649c 100644 --- a/2009/4xxx/CVE-2009-4341.json +++ b/2009/4xxx/CVE-2009-4341.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - }, - { - "name" : "ADV-2009-3550", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3550" - }, - { - "name" : "typo3-nis-sql-injection(54783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-nis-sql-injection(54783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54783" + }, + { + "name": "ADV-2009-3550", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3550" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4368.json b/2009/4xxx/CVE-2009-4368.json index 86f9d7aad8b..b9d708fe67b 100644 --- a/2009/4xxx/CVE-2009-4368.json +++ b/2009/4xxx/CVE-2009-4368.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.centreon.com/Development/changelog-2x.html", - "refsource" : "CONFIRM", - "url" : "http://www.centreon.com/Development/changelog-2x.html" - }, - { - "name" : "37383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37383" - }, - { - "name" : "61183", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61183" - }, - { - "name" : "37808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37808" - }, - { - "name" : "ADV-2009-3578", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3578" - }, - { - "name" : "centreon-ping-security-bypass(54893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37383" + }, + { + "name": "ADV-2009-3578", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3578" + }, + { + "name": "http://www.centreon.com/Development/changelog-2x.html", + "refsource": "CONFIRM", + "url": "http://www.centreon.com/Development/changelog-2x.html" + }, + { + "name": "61183", + "refsource": "OSVDB", + "url": "http://osvdb.org/61183" + }, + { + "name": "37808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37808" + }, + { + "name": "centreon-ping-security-bypass(54893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0431.json b/2015/0xxx/CVE-2015-0431.json index 89d5f0eb80f..cc13927fd2d 100644 --- a/2015/0xxx/CVE-2015-0431.json +++ b/2015/0xxx/CVE-2015-0431.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0 6.3.1, 6.3.2, 6.3.4, and 6.3.5 allows remote attackers to affect integrity via unknown vectors related to UI Infrastructure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72125" - }, - { - "name" : "1031576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031576" - }, - { - "name" : "62506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62506" - }, - { - "name" : "oracle-cpujan2015-cve20150431(100107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0 6.3.1, 6.3.2, 6.3.4, and 6.3.5 allows remote attackers to affect integrity via unknown vectors related to UI Infrastructure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72125" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "62506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62506" + }, + { + "name": "1031576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031576" + }, + { + "name": "oracle-cpujan2015-cve20150431(100107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100107" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0509.json b/2015/0xxx/CVE-2015-0509.json index 6e47cefb005..449fbbd9175 100644 --- a/2015/0xxx/CVE-2015-0509.json +++ b/2015/0xxx/CVE-2015-0509.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Reporting and Analysis." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "1032123", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Reporting and Analysis." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032123", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032123" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0654.json b/2015/0xxx/CVE-2015-0654.json index 7b6954d9eab..8b8420b8844 100644 --- a/2015/0xxx/CVE-2015-0654.json +++ b/2015/0xxx/CVE-2015-0654.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150311 Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips" - }, - { - "name" : "1031908", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150311 Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips" + }, + { + "name": "1031908", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031908" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0976.json b/2015/0xxx/CVE-2015-0976.json index a4a8fdca6f4..62dc6c354d4 100644 --- a/2015/0xxx/CVE-2015-0976.json +++ b/2015/0xxx/CVE-2015-0976.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-0976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1086.json b/2015/1xxx/CVE-2015-1086.json index 8274d381118..1639c0d6757 100644 --- a/2015/1xxx/CVE-2015-1086.json +++ b/2015/1xxx/CVE-2015-1086.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "1032050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032050" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1262.json b/2015/1xxx/CVE-2015-1262.json index a62d5251dc3..87382d3749d 100644 --- a/2015/1xxx/CVE-2015-1262.json +++ b/2015/1xxx/CVE-2015-1262.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=476647", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=476647" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=194541&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=194541&view=revision" - }, - { - "name" : "DSA-3267", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3267" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "openSUSE-SU-2015:1877", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" - }, - { - "name" : "openSUSE-SU-2015:0969", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" - }, - { - "name" : "74723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74723" - }, - { - "name" : "1032375", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0969", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "openSUSE-SU-2015:1877", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" + }, + { + "name": "1032375", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032375" + }, + { + "name": "DSA-3267", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3267" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=194541&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=194541&view=revision" + }, + { + "name": "74723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74723" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=476647", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=476647" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1787.json b/2015/1xxx/CVE-2015-1787.json index f67451128e2..45d623eda97 100644 --- a/2015/1xxx/CVE-2015-1787.json +++ b/2015/1xxx/CVE-2015-1787.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202406", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202406" - }, - { - "name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=b19d8143212ae5fbc9cebfd51c01f802fabccd33", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=b19d8143212ae5fbc9cebfd51c01f802fabccd33" - }, - { - "name" : "https://www.openssl.org/news/secadv_20150319.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv_20150319.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa92", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa92" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "GLSA-201503-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-11" - }, - { - "name" : "HPSBMU03380", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2" - }, - { - "name" : "HPSBMU03397", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2" - }, - { - "name" : "HPSBMU03409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" - }, - { - "name" : "73238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73238" - }, - { - "name" : "1031929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=b19d8143212ae5fbc9cebfd51c01f802fabccd33", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=b19d8143212ae5fbc9cebfd51c01f802fabccd33" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "HPSBMU03409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa92", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa92" + }, + { + "name": "https://www.openssl.org/news/secadv_20150319.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv_20150319.txt" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "HPSBMU03380", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202406", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202406" + }, + { + "name": "73238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73238" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "HPSBMU03397", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2" + }, + { + "name": "1031929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031929" + }, + { + "name": "GLSA-201503-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-11" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1830.json b/2015/1xxx/CVE-2015-1830.json index 5c26b72e722..852d1d646e7 100644 --- a/2015/1xxx/CVE-2015-1830.json +++ b/2015/1xxx/CVE-2015-1830.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-407/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-407/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-407", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-407" - }, - { - "name" : "http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt", - "refsource" : "CONFIRM", - "url" : "http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt" - }, - { - "name" : "76452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76452" - }, - { - "name" : "1033315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt", + "refsource": "CONFIRM", + "url": "http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt" + }, + { + "name": "76452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76452" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-407", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-407" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-407/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-407/" + }, + { + "name": "1033315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033315" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1860.json b/2015/1xxx/CVE-2015-1860.json index 303f3c3a6ef..9b9ac66a890 100644 --- a/2015/1xxx/CVE-2015-1860.json +++ b/2015/1xxx/CVE-2015-1860.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", - "refsource" : "MLIST", - "url" : "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" - }, - { - "name" : "https://codereview.qt-project.org/#/c/108248/", - "refsource" : "CONFIRM", - "url" : "https://codereview.qt-project.org/#/c/108248/" - }, - { - "name" : "FEDORA-2015-6114", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" - }, - { - "name" : "FEDORA-2015-6123", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" - }, - { - "name" : "FEDORA-2015-6252", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" - }, - { - "name" : "FEDORA-2015-6315", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" - }, - { - "name" : "FEDORA-2015-6364", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" - }, - { - "name" : "FEDORA-2015-6573", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" - }, - { - "name" : "FEDORA-2015-6613", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" - }, - { - "name" : "FEDORA-2015-6661", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" - }, - { - "name" : "GLSA-201603-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-10" - }, - { - "name" : "USN-2626-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2626-1" - }, - { - "name" : "74302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-6114", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" + }, + { + "name": "FEDORA-2015-6573", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" + }, + { + "name": "FEDORA-2015-6123", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" + }, + { + "name": "GLSA-201603-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-10" + }, + { + "name": "FEDORA-2015-6315", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" + }, + { + "name": "FEDORA-2015-6613", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" + }, + { + "name": "74302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74302" + }, + { + "name": "FEDORA-2015-6364", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" + }, + { + "name": "FEDORA-2015-6661", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" + }, + { + "name": "USN-2626-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2626-1" + }, + { + "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", + "refsource": "MLIST", + "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" + }, + { + "name": "https://codereview.qt-project.org/#/c/108248/", + "refsource": "CONFIRM", + "url": "https://codereview.qt-project.org/#/c/108248/" + }, + { + "name": "FEDORA-2015-6252", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4006.json b/2015/4xxx/CVE-2015-4006.json index 9204a9e9b0a..2e19e24da24 100644 --- a/2015/4xxx/CVE-2015-4006.json +++ b/2015/4xxx/CVE-2015-4006.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4006", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4006", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4240.json b/2015/4xxx/CVE-2015-4240.json index bae45027daa..4fc88ecda31 100644 --- a/2015/4xxx/CVE-2015-4240.json +++ b/2015/4xxx/CVE-2015-4240.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150707 Cisco IP Communicator Web Access Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39623" - }, - { - "name" : "1032807", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032807", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032807" + }, + { + "name": "20150707 Cisco IP Communicator Web Access Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39623" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4286.json b/2015/4xxx/CVE-2015-4286.json index 16003c7b797..803ae9b91ee 100644 --- a/2015/4xxx/CVE-2015-4286.json +++ b/2015/4xxx/CVE-2015-4286.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150728 Cisco UCS Central Software File Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40151" - }, - { - "name" : "1033112", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150728 Cisco UCS Central Software File Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40151" + }, + { + "name": "1033112", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033112" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4690.json b/2015/4xxx/CVE-2015-4690.json index 1a02ed8c006..faaba331b4f 100644 --- a/2015/4xxx/CVE-2015-4690.json +++ b/2015/4xxx/CVE-2015-4690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9251.json b/2015/9xxx/CVE-2015-9251.json index 5cd628aefce..6e54fd0ffaf 100644 --- a/2015/9xxx/CVE-2015-9251.json +++ b/2015/9xxx/CVE-2015-9251.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", - "refsource" : "MISC", - "url" : "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" - }, - { - "name" : "https://github.com/jquery/jquery/issues/2432", - "refsource" : "MISC", - "url" : "https://github.com/jquery/jquery/issues/2432" - }, - { - "name" : "https://github.com/jquery/jquery/pull/2588", - "refsource" : "MISC", - "url" : "https://github.com/jquery/jquery/pull/2588" - }, - { - "name" : "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", - "refsource" : "MISC", - "url" : "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" - }, - { - "name" : "https://snyk.io/vuln/npm:jquery:20150627", - "refsource" : "MISC", - "url" : "https://snyk.io/vuln/npm:jquery:20150627" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" - }, - { - "name" : "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", - "refsource" : "MISC", - "url" : "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "105658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jquery/jquery/issues/2432", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/issues/2432" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", + "refsource": "MISC", + "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf" + }, + { + "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" + }, + { + "name": "https://snyk.io/vuln/npm:jquery:20150627", + "refsource": "MISC", + "url": "https://snyk.io/vuln/npm:jquery:20150627" + }, + { + "name": "https://github.com/jquery/jquery/pull/2588", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/pull/2588" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105658" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04" + }, + { + "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2473.json b/2018/2xxx/CVE-2018-2473.json index 80eee49ce78..d6e97628d2b 100644 --- a/2018/2xxx/CVE-2018-2473.json +++ b/2018/2xxx/CVE-2018-2473.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP BusinessObjects Business Intelligence Platform Server", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "4.1" - }, - { - "version_name" : "=", - "version_value" : "4.2" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform Server", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "4.1" + }, + { + "version_name": "=", + "version_value": "4.2" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2657670", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2657670" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" - }, - { - "name" : "105903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105903" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2657670", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2657670" + }, + { + "name": "105903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105903" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2484.json b/2018/2xxx/CVE-2018-2484.json index e238f7e540a..b240939aba5 100644 --- a/2018/2xxx/CVE-2018-2484.json +++ b/2018/2xxx/CVE-2018-2484.json @@ -1,166 +1,166 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Enterprise Financial Services (SAPSCORE)", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "1.13" - }, - { - "version_name" : "<", - "version_value" : "1.14" - }, - { - "version_name" : "<", - "version_value" : "1.15" - } - ] - } - }, - { - "product_name" : "SAP Enterprise Financial Services (S4CORE)", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "1.01" - }, - { - "version_name" : "<", - "version_value" : "1.02" - }, - { - "version_name" : "<", - "version_value" : "1.03" - } - ] - } - }, - { - "product_name" : "SAP Enterprise Financial Services (EA-FINSERV)", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "1.10" - }, - { - "version_name" : "<", - "version_value" : "2.0" - }, - { - "version_name" : "<", - "version_value" : "5.0" - }, - { - "version_name" : "<", - "version_value" : "6.0" - }, - { - "version_name" : "<", - "version_value" : "6.03" - }, - { - "version_name" : "<", - "version_value" : "6.04" - }, - { - "version_name" : "<", - "version_value" : "6.05" - }, - { - "version_name" : "<", - "version_value" : "6.06" - }, - { - "version_name" : "<", - "version_value" : "6.16" - }, - { - "version_name" : "<", - "version_value" : "6.17" - }, - { - "version_name" : "<", - "version_value" : "6.18" - }, - { - "version_name" : "<", - "version_value" : "8.0" - } - ] - } - }, - { - "product_name" : "SAP Enterprise Financial Services (Bank/CFM)", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "4.63_20" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Authorization Check" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Enterprise Financial Services (SAPSCORE)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.13" + }, + { + "version_name": "<", + "version_value": "1.14" + }, + { + "version_name": "<", + "version_value": "1.15" + } + ] + } + }, + { + "product_name": "SAP Enterprise Financial Services (S4CORE)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.01" + }, + { + "version_name": "<", + "version_value": "1.02" + }, + { + "version_name": "<", + "version_value": "1.03" + } + ] + } + }, + { + "product_name": "SAP Enterprise Financial Services (EA-FINSERV)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.10" + }, + { + "version_name": "<", + "version_value": "2.0" + }, + { + "version_name": "<", + "version_value": "5.0" + }, + { + "version_name": "<", + "version_value": "6.0" + }, + { + "version_name": "<", + "version_value": "6.03" + }, + { + "version_name": "<", + "version_value": "6.04" + }, + { + "version_name": "<", + "version_value": "6.05" + }, + { + "version_name": "<", + "version_value": "6.06" + }, + { + "version_name": "<", + "version_value": "6.16" + }, + { + "version_name": "<", + "version_value": "6.17" + }, + { + "version_name": "<", + "version_value": "6.18" + }, + { + "version_name": "<", + "version_value": "8.0" + } + ] + } + }, + { + "product_name": "SAP Enterprise Financial Services (Bank/CFM)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.63_20" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2662687", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2662687" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985" - }, - { - "name" : "106477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2662687", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2662687" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985" + }, + { + "name": "106477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106477" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2683.json b/2018/2xxx/CVE-2018-2683.json index 24f7d2885b1..16ac2eb289a 100644 --- a/2018/2xxx/CVE-2018-2683.json +++ b/2018/2xxx/CVE-2018-2683.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Simphony", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "2.7" - }, - { - "version_affected" : "=", - "version_value" : "2.8" - }, - { - "version_affected" : "=", - "version_value" : "2.9" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Simphony", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.7" + }, + { + "version_affected": "=", + "version_value": "2.8" + }, + { + "version_affected": "=", + "version_value": "2.9" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102544" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3183.json b/2018/3xxx/CVE-2018-3183.json index f01f8e04d34..ad4f9eba3ff 100644 --- a/2018/3xxx/CVE-2018-3183.json +++ b/2018/3xxx/CVE-2018-3183.json @@ -1,136 +1,136 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 8u181, 11" - }, - { - "version_affected" : "=", - "version_value" : "Java SE Embedded: 8u181" - }, - { - "version_affected" : "=", - "version_value" : "JRockit: R28.3.19" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 8u181, 11" + }, + { + "version_affected": "=", + "version_value": "Java SE Embedded: 8u181" + }, + { + "version_affected": "=", + "version_value": "JRockit: R28.3.19" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0001/" - }, - { - "name" : "DSA-4326", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4326" - }, - { - "name" : "RHSA-2018:2942", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2942" - }, - { - "name" : "RHSA-2018:2943", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2943" - }, - { - "name" : "RHSA-2018:3002", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3002" - }, - { - "name" : "RHSA-2018:3003", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3003" - }, - { - "name" : "RHSA-2018:3521", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3521" - }, - { - "name" : "RHSA-2018:3533", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3533" - }, - { - "name" : "RHSA-2018:3534", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3534" - }, - { - "name" : "RHSA-2018:3852", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3852" - }, - { - "name" : "USN-3804-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3804-1/" - }, - { - "name" : "105622", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105622" - }, - { - "name" : "1041889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" + }, + { + "name": "RHSA-2018:2942", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2942" + }, + { + "name": "RHSA-2018:3534", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3534" + }, + { + "name": "RHSA-2018:3003", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3003" + }, + { + "name": "105622", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105622" + }, + { + "name": "USN-3804-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3804-1/" + }, + { + "name": "RHSA-2018:3002", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3002" + }, + { + "name": "RHSA-2018:3852", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3852" + }, + { + "name": "DSA-4326", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4326" + }, + { + "name": "RHSA-2018:2943", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2943" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2018:3533", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3533" + }, + { + "name": "1041889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041889" + }, + { + "name": "RHSA-2018:3521", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3521" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6102.json b/2018/6xxx/CVE-2018-6102.json index f42b265345e..7124f6c892a 100644 --- a/2018/6xxx/CVE-2018-6102.json +++ b/2018/6xxx/CVE-2018-6102.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/813814", - "refsource" : "MISC", - "url" : "https://crbug.com/813814" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "RHSA-2018:1195", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1195" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "https://crbug.com/813814", + "refsource": "MISC", + "url": "https://crbug.com/813814" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + }, + { + "name": "RHSA-2018:1195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1195" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6142.json b/2018/6xxx/CVE-2018-6142.json index 7ed82d3c2ee..781d8264119 100644 --- a/2018/6xxx/CVE-2018-6142.json +++ b/2018/6xxx/CVE-2018-6142.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6142", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6142", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6328.json b/2018/6xxx/CVE-2018-6328.json index c895082e078..2fc79f22d41 100644 --- a/2018/6xxx/CVE-2018-6328.json +++ b/2018/6xxx/CVE-2018-6328.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44297", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44297/" - }, - { - "name" : "45559", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45559/" - }, - { - "name" : "https://support.unitrends.com/UnitrendsBackup/s/article/000001150", - "refsource" : "CONFIRM", - "url" : "https://support.unitrends.com/UnitrendsBackup/s/article/000001150" - }, - { - "name" : "https://support.unitrends.com/UnitrendsBackup/s/article/000006002", - "refsource" : "CONFIRM", - "url" : "https://support.unitrends.com/UnitrendsBackup/s/article/000006002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45559", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45559/" + }, + { + "name": "https://support.unitrends.com/UnitrendsBackup/s/article/000006002", + "refsource": "CONFIRM", + "url": "https://support.unitrends.com/UnitrendsBackup/s/article/000006002" + }, + { + "name": "44297", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44297/" + }, + { + "name": "https://support.unitrends.com/UnitrendsBackup/s/article/000001150", + "refsource": "CONFIRM", + "url": "https://support.unitrends.com/UnitrendsBackup/s/article/000001150" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6870.json b/2018/6xxx/CVE-2018-6870.json index f4b5784274f..b699fbf9946 100644 --- a/2018/6xxx/CVE-2018-6870.json +++ b/2018/6xxx/CVE-2018-6870.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0day4u.wordpress.com/2018/03/19/website-seller-script-reflected-xss/", - "refsource" : "MISC", - "url" : "https://0day4u.wordpress.com/2018/03/19/website-seller-script-reflected-xss/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0day4u.wordpress.com/2018/03/19/website-seller-script-reflected-xss/", + "refsource": "MISC", + "url": "https://0day4u.wordpress.com/2018/03/19/website-seller-script-reflected-xss/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7462.json b/2018/7xxx/CVE-2018-7462.json index 5faad75025d..1121c714ca8 100644 --- a/2018/7xxx/CVE-2018-7462.json +++ b/2018/7xxx/CVE-2018-7462.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7462", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7462", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7521.json b/2018/7xxx/CVE-2018-7521.json index 35e16241772..bfb1e789e8d 100644 --- a/2018/7xxx/CVE-2018-7521.json +++ b/2018/7xxx/CVE-2018-7521.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-03-13T00:00:00", - "ID" : "CVE-2018-7521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Omron CX-Supervisor", - "version" : { - "version_data" : [ - { - "version_value" : "Version 3.30 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "USE AFTER FREE CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-03-13T00:00:00", + "ID": "CVE-2018-7521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Omron CX-Supervisor", + "version": { + "version_data": [ + { + "version_value": "Version 3.30 and prior" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" - }, - { - "name" : "103394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE AFTER FREE CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103394" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7827.json b/2018/7xxx/CVE-2018-7827.json index 2857d91127e..695048d4625 100644 --- a/2018/7xxx/CVE-2018-7827.json +++ b/2018/7xxx/CVE-2018-7827.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7827", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7827", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7838.json b/2018/7xxx/CVE-2018-7838.json index a698d999b36..d702060cbdf 100644 --- a/2018/7xxx/CVE-2018-7838.json +++ b/2018/7xxx/CVE-2018-7838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7838", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7838", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file