From b35c5382089c2962aadac1758b8553e839410ff7 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 21:43:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0268.json | 130 +++++------ 1999/0xxx/CVE-1999-0562.json | 120 +++++----- 1999/0xxx/CVE-1999-0991.json | 120 +++++----- 1999/1xxx/CVE-1999-1130.json | 140 ++++++------ 2000/1xxx/CVE-2000-1119.json | 170 +++++++-------- 2005/2xxx/CVE-2005-2209.json | 130 +++++------ 2005/2xxx/CVE-2005-2761.json | 150 ++++++------- 2005/3xxx/CVE-2005-3492.json | 170 +++++++-------- 2005/3xxx/CVE-2005-3573.json | 340 ++++++++++++++--------------- 2007/5xxx/CVE-2007-5112.json | 210 +++++++++--------- 2007/5xxx/CVE-2007-5120.json | 180 +++++++-------- 2009/2xxx/CVE-2009-2156.json | 180 +++++++-------- 2009/2xxx/CVE-2009-2303.json | 140 ++++++------ 2009/2xxx/CVE-2009-2851.json | 190 ++++++++-------- 2009/3xxx/CVE-2009-3685.json | 34 +-- 2009/3xxx/CVE-2009-3935.json | 140 ++++++------ 2015/0xxx/CVE-2015-0008.json | 180 +++++++-------- 2015/0xxx/CVE-2015-0873.json | 120 +++++----- 2015/0xxx/CVE-2015-0980.json | 120 +++++----- 2015/4xxx/CVE-2015-4173.json | 150 ++++++------- 2015/4xxx/CVE-2015-4851.json | 180 +++++++-------- 2015/4xxx/CVE-2015-4880.json | 130 +++++------ 2015/4xxx/CVE-2015-4900.json | 130 +++++------ 2015/8xxx/CVE-2015-8132.json | 34 +-- 2015/8xxx/CVE-2015-8347.json | 34 +-- 2015/8xxx/CVE-2015-8788.json | 34 +-- 2015/8xxx/CVE-2015-8833.json | 230 +++++++++---------- 2015/8xxx/CVE-2015-8857.json | 140 ++++++------ 2015/9xxx/CVE-2015-9124.json | 132 +++++------ 2016/5xxx/CVE-2016-5699.json | 290 ++++++++++++------------ 2018/1002xxx/CVE-2018-1002104.json | 36 +-- 2018/1999xxx/CVE-2018-1999018.json | 126 +++++------ 2018/2xxx/CVE-2018-2664.json | 142 ++++++------ 2018/6xxx/CVE-2018-6639.json | 130 +++++------ 2018/6xxx/CVE-2018-6692.json | 178 +++++++-------- 2018/7xxx/CVE-2018-7114.json | 150 ++++++------- 2018/7xxx/CVE-2018-7178.json | 120 +++++----- 2018/7xxx/CVE-2018-7610.json | 34 +-- 2019/1xxx/CVE-2019-1189.json | 34 +-- 2019/1xxx/CVE-2019-1586.json | 34 
+-- 2019/1xxx/CVE-2019-1678.json | 180 +++++++-------- 2019/1xxx/CVE-2019-1889.json | 34 +-- 2019/5xxx/CVE-2019-5211.json | 34 +-- 2019/5xxx/CVE-2019-5442.json | 34 +-- 2019/5xxx/CVE-2019-5595.json | 120 +++++----- 2019/5xxx/CVE-2019-5866.json | 34 +-- 46 files changed, 2934 insertions(+), 2934 deletions(-)
diff --git a/1999/0xxx/CVE-1999-0268.json b/1999/0xxx/CVE-1999-0268.json
index 83d20619649..c4f759a87bb 100644
--- a/1999/0xxx/CVE-1999-0268.json
+++ b/1999/0xxx/CVE-1999-0268.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MetaInfo MetaWeb web server allows users to upload, execute, and read scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "110", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/110" - }, - { - "name" : "3969", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MetaInfo MetaWeb web server allows users to upload, execute, and read scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "110", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/110" + }, + { + "name": "3969", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3969" + } + ] + } +} \ No newline at end of file 
diff --git a/1999/0xxx/CVE-1999-0562.json b/1999/0xxx/CVE-1999-0562.json
index a3147f56d24..1deea1b5275 100644
--- a/1999/0xxx/CVE-1999-0562.json
+++ b/1999/0xxx/CVE-1999-0562.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The registry in Windows NT can be accessed remotely by users who are not administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "oval:org.mitre.oval:def:1023", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The registry in Windows NT can be accessed remotely by users who are not administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1023", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1023" + } + ] + } +} \ No newline at end of file 
diff --git a/1999/0xxx/CVE-1999-0991.json b/1999/0xxx/CVE-1999-0991.json
index 95238c0a81d..932a2862e37 100644
--- a/1999/0xxx/CVE-1999-0991.json
+++ b/1999/0xxx/CVE-1999-0991.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/862" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1130.json b/1999/1xxx/CVE-1999-1130.json index b993d31fcf2..a6056da9da3 100644 
--- a/1999/1xxx/CVE-1999-1130.json
+++ b/1999/1xxx/CVE-1999-1130.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990730 Netscape Enterprise Server yeilds source of JHTML", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93346448121208&w=2" - }, - { - "name" : "19990730 Netscape Enterprise Server yeilds source of JHTML", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=93337389603117&w=2" - }, - { - "name" : "559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and 
possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990730 Netscape Enterprise Server yeilds source of JHTML", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93346448121208&w=2" + }, + { + "name": "19990730 Netscape Enterprise Server yeilds source of JHTML", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=93337389603117&w=2" + }, + { + "name": "559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/559" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1119.json b/2000/1xxx/CVE-2000-1119.json index af1c11e09fa..17685e255c2 100644 --- a/2000/1xxx/CVE-2000-1119.json +++ b/2000/1xxx/CVE-2000-1119.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long \"x=\" argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001201 Fixed local AIX V43 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97569466809056&w=2" - }, - { - "name" : "IY08812", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY08812&apar=only" - }, - { - "name" : "IY10721", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY10721&apar=only" - }, - { - "name" : "2032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2032" - }, - { - "name" : "aix-setsenv-bo(5621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5621" - }, - { - "name" : "1676", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1676" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long \"x=\" argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2032" + }, + { + "name": "IY10721", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY10721&apar=only" + }, + { + "name": "IY08812", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY08812&apar=only" + }, + { + "name": "20001201 Fixed local AIX V43 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97569466809056&w=2" + }, + { + "name": "1676", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1676" + }, + { + "name": "aix-setsenv-bo(5621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5621" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2209.json b/2005/2xxx/CVE-2005-2209.json index 48072ab192b..cb30f374785 100644 --- a/2005/2xxx/CVE-2005-2209.json +++ b/2005/2xxx/CVE-2005-2209.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1014409", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014409" - }, - { - "name" : "15995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014409", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014409" + }, + { + "name": "15995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15995" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2761.json b/2005/2xxx/CVE-2005-2761.json index bd2c8c063da..91193c41bda 100644 --- a/2005/2xxx/CVE-2005-2761.json +++ b/2005/2xxx/CVE-2005-2761.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-2761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://savannah.gnu.org/bugs/?func=detailitem&item_id=13863", - "refsource" : "MISC", - "url" : "http://savannah.gnu.org/bugs/?func=detailitem&item_id=13863" - }, - { - "name" : "DSA-798", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-798" - }, - { - "name" : "1014832", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014832" - }, - { - "name" : "16558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to 
inject arbitrary web script or HTML by modifying the main screen message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16558" + }, + { + "name": "1014832", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014832" + }, + { + "name": "DSA-798", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-798" + }, + { + "name": "http://savannah.gnu.org/bugs/?func=detailitem&item_id=13863", + "refsource": "MISC", + "url": "http://savannah.gnu.org/bugs/?func=detailitem&item_id=13863" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3492.json b/2005/3xxx/CVE-2005-3492.json index d3958f558d0..f50d7c263e8 100644 --- a/2005/3xxx/CVE-2005-3492.json +++ b/2005/3xxx/CVE-2005-3492.json 
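Review bot: The `"ASSIGNER"` value in the CVE-2005-2761 hunk changes from `cve@mitre.org` to `security@debian.org`, a real metadata change sitting inside what otherwise reads as a key-spacing and indentation normalization, and the commit subject does not mention it. Consumers that attribute or filter records by assigner will see this record move to a different assigner, so the edit is worth confirming against the assigner's own record and landing separately from the reformat. The `reference_data` entries are also reordered in this hunk (and in the CVE-2000-1119, CVE-2005-3492 and CVE-2005-3573 hunks), so nothing downstream should depend on reference order. The new side of each hunk in view ends with `\ No newline at end of file`; keeping a trailing newline after the closing `}` would avoid whole-file churn on the next sync.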
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051102 Buffer-overflow and crash in FlatFrag 0.3", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113096078606274&w=2" - }, - { - "name" : "20051102 Buffer-overflow and crash in FlatFrag 0.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415636/30/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/flatfragz-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/flatfragz-adv.txt" - }, - { - "name" : "15287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15287" - }, - { - "name" : "ADV-2005-2285", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2285" - }, - { - "name" : 
"20770", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/flatfragz-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/flatfragz-adv.txt" + }, + { + "name": "ADV-2005-2285", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2285" + }, + { + "name": "15287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15287" + }, + { + "name": "20770", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20770" + }, + { + "name": "20051102 Buffer-overflow and crash in FlatFrag 0.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415636/30/0/threaded" + }, + { + "name": "20051102 Buffer-overflow and crash in FlatFrag 0.3", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113096078606274&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3573.json b/2005/3xxx/CVE-2005-3573.json index 33b9c21af49..34fc8ac8086 100644 --- a/2005/3xxx/CVE-2005-3573.json +++ b/2005/3xxx/CVE-2005-3573.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Mailman-Users] 20050912 Uncaught runner exception: 'utf8' codeccan'tdecode bytes in position 1-4: invalid data", - "refsource" : "MLIST", - "url" : "http://mail.python.org/pipermail/mailman-users/2005-September/046523.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732" - }, - { - "name" : "DSA-955", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-955" - }, - { - "name" : "MDKSA-2005:222", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" - }, - { - "name" : "RHSA-2006:0204", - "refsource" : "REDHAT", - "url" 
: "http://www.redhat.com/support/errata/RHSA-2006-0204.html" - }, - { - "name" : "20060401-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" - }, - { - "name" : "SUSE-SR:2006:001", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html" - }, - { - "name" : "2006-0012", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0012/" - }, - { - "name" : "USN-242-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-242-1" - }, - { - "name" : "15408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15408" - }, - { - "name" : "oval:org.mitre.oval:def:10038", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038" - }, - { - "name" : "ADV-2005-2404", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2404" - }, - { - "name" : "20819", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20819" - }, - { - "name" : "1015735", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015735" - }, - { - "name" : "17511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17511" - }, - { - "name" : "17874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17874" - }, - { - "name" : "18503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18503" - }, - { - "name" : "18612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18612" - }, - { - "name" : "19167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19167" - }, - { - "name" : "19196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19196" - }, - { - "name" : "18456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18456" - }, - { - "name" : "19532", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/19532" - }, - { - "name" : "mailman-utf8-scrubber-dos(23139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19167" + }, + { + "name": "USN-242-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-242-1" + }, + { + "name": "18503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18503" + }, + { + "name": "ADV-2005-2404", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2404" + }, + { + "name": "20060401-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" + }, + { + "name": "2006-0012", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0012/" + }, + { + "name": "RHSA-2006:0204", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" + }, + { + "name": "oval:org.mitre.oval:def:10038", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038" + }, + { + "name": "20819", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20819" + }, + { + "name": "mailman-utf8-scrubber-dos(23139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" + }, + { + "name": "18456", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/18456" + }, + { + "name": "1015735", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015735" + }, + { + "name": "SUSE-SR:2006:001", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html" + }, + { + "name": "17874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17874" + }, + { + "name": "19532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19532" + }, + { + "name": "MDKSA-2005:222", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" + }, + { + "name": "15408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15408" + }, + { + "name": "18612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18612" + }, + { + "name": "17511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17511" + }, + { + "name": "[Mailman-Users] 20050912 Uncaught runner exception: 'utf8' codeccan'tdecode bytes in position 1-4: invalid data", + "refsource": "MLIST", + "url": "http://mail.python.org/pipermail/mailman-users/2005-September/046523.html" + }, + { + "name": "19196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19196" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732" + }, + { + "name": "DSA-955", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-955" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5112.json b/2007/5xxx/CVE-2007-5112.json index 2f59f496b90..47ad5837610 100644 --- a/2007/5xxx/CVE-2007-5112.json +++ b/2007/5xxx/CVE-2007-5112.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070924 Google Urchin password theft madness", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/480469/100/0/threaded" - }, - { - "name" : "20071010 Vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482006/100/0/threaded" - }, - { - "name" : "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/", - "refsource" : "MISC", - "url" : "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/" - }, - { - "name" : 
"http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/", - "refsource" : "MISC", - "url" : "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/" - }, - { - "name" : "http://websecurity.com.ua/1283/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/1283/" - }, - { - "name" : "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness" - }, - { - "name" : "http://securityvulns.ru/Sdocument90.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/Sdocument90.html" - }, - { - "name" : "25788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25788" - }, - { - "name" : "38578", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38578" - }, - { - "name" : "3177", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityvulns.ru/Sdocument90.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/Sdocument90.html" + }, + { + "name": "38578", + "refsource": "OSVDB", + "url": "http://osvdb.org/38578" + }, + { + "name": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/", + "refsource": "MISC", + "url": "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/" + }, + { + "name": "20070924 Google Urchin password theft madness", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/480469/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/google-urchin-password-theft-madness" + }, + { + "name": "http://websecurity.com.ua/1283/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1283/" + }, + { + "name": "20071010 Vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded" + }, + { + "name": "3177", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3177" + }, + { + "name": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/", + "refsource": "MISC", + "url": "http://hackademix.net/2007/09/24/googhole-xss-pwning-gmail-picasa-and-almost-200k-customers/" + }, + { + "name": "25788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25788" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5120.json b/2007/5xxx/CVE-2007-5120.json index c958f7138a4..61270a82dc6 100644 --- a/2007/5xxx/CVE-2007-5120.json +++ b/2007/5xxx/CVE-2007-5120.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070925 JSPWiki Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/480570/100/0/threaded" - }, - { - "name" : "20070924 JSPWiki Multiple Input Validation Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066096.html" - }, - { - "name" : "http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog" - }, - { - "name" : "25803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25803" - }, - { - "name" : "26961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26961" - }, - { - "name" : "3167", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3167" - }, - { - "name" : "jspwiki-multiple-xss(36766)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link 
parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25803" + }, + { + "name": "20070925 JSPWiki Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/480570/100/0/threaded" + }, + { + "name": "http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog" + }, + { + "name": "3167", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3167" + }, + { + "name": "jspwiki-multiple-xss(36766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36766" + }, + { + "name": "20070924 JSPWiki Multiple Input Validation Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066096.html" + }, + { + "name": "26961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26961" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2156.json b/2009/2xxx/CVE-2009-2156.json index 2d8cfad036c..9dc32d463c8 100644 --- a/2009/2xxx/CVE-2009-2156.json +++ b/2009/2xxx/CVE-2009-2156.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] parameters to themes/default/header.php, (6) the todayactive parameter to visitorstoday.php, (7) the activepeople parameter to visitorsnow.php, (8) the faq_categ[999][title] parameter to faq.php, and (9) the keepget parameter to torrents-details.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504294/100/0/threaded" - }, - { - "name" : "8958", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8958" - }, - { - "name" : "http://www.waraxe.us/advisory-74.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-74.html" - }, - { - "name" : "35369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35369" - }, - { - "name" : "35456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35456" - }, - { - "name" : "torrenttrader-multiplescripts-xss(51145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51145" - }, - { - "name" : "torrenttrader-viewrequests-xss(51144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote 
attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] parameters to themes/default/header.php, (6) the todayactive parameter to visitorstoday.php, (7) the activepeople parameter to visitorsnow.php, (8) the faq_categ[999][title] parameter to faq.php, and (9) the keepget parameter to torrents-details.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "torrenttrader-multiplescripts-xss(51145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51145" + }, + { + "name": "35456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35456" + }, + { + "name": "35369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35369" + }, + { + "name": "8958", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8958" + }, + { + "name": "20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504294/100/0/threaded" + }, + { + "name": "torrenttrader-viewrequests-xss(51144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51144" + }, + { + "name": "http://www.waraxe.us/advisory-74.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-74.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2303.json b/2009/2xxx/CVE-2009-2303.json index dad682c2299..a812d45921d 100644 --- a/2009/2xxx/CVE-2009-2303.json +++ b/2009/2xxx/CVE-2009-2303.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090625 Report vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504574/100/0/threaded" - }, - { - "name" : "http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/", - "refsource" : "MISC", - "url" : "http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/" - }, - { - "name" : "aardvarktopsitesphp-index-info-disclosure(51392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090625 Report vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504574/100/0/threaded" + }, + { + "name": "aardvarktopsitesphp-index-info-disclosure(51392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51392" + }, + { + "name": "http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/", + "refsource": "MISC", + "url": "http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2851.json b/2009/2xxx/CVE-2009-2851.json index d25edce6859..e8d0e79ac68 100644 --- a/2009/2xxx/CVE-2009-2851.json +++ b/2009/2xxx/CVE-2009-2851.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090721 CVE Request -- WordPress", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/07/21/1" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=278492", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=278492" - }, - { - "name" : "http://wordpress.org/development/2009/07/wordpress-2-8-2/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/development/2009/07/wordpress-2-8-2/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=512900", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=512900" - }, - { - "name" : "DSA-1871", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2009/dsa-1871" - }, - { - "name" : "FEDORA-2009-8109", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01241.html" - }, - { - "name" : "FEDORA-2009-8114", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01253.html" - }, - { - "name" : "1022589", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090721 CVE Request -- WordPress", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/07/21/1" + }, + { + "name": "FEDORA-2009-8114", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01253.html" + }, + { + "name": "DSA-1871", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1871" + }, + { + "name": "http://wordpress.org/development/2009/07/wordpress-2-8-2/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/development/2009/07/wordpress-2-8-2/" + }, + { + "name": "FEDORA-2009-8109", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01241.html" + }, + { + "name": "1022589", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022589" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=278492", + "refsource": "CONFIRM", + "url": 
"http://bugs.gentoo.org/show_bug.cgi?id=278492" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=512900", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512900" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3685.json b/2009/3xxx/CVE-2009-3685.json index 36e76d8416a..59d29ab86b6 100644 --- a/2009/3xxx/CVE-2009-3685.json +++ b/2009/3xxx/CVE-2009-3685.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3685", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3685", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3935.json b/2009/3xxx/CVE-2009-3935.json index 7642efbd722..08b3824fb5b 100644 --- a/2009/3xxx/CVE-2009-3935.json +++ b/2009/3xxx/CVE-2009-3935.json 
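Review bot: The rewritten CVE-2009-3685.json serializes its top-level keys as `data_type`, `data_format`, `data_version`, `CVE_data_meta` and puts `ID` before `ASSIGNER`, while the other records in this commit keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in alphabetical order. JSON key order carries no meaning, but two layouts in one sync suggest two serializers (inferred; the generator is not shown). Any consumer that diffs or hashes the raw files for change detection will see a change where the record content is identical. Emitting every record through one canonical form with sorted keys would remove that noise.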
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg", - "refsource" : "CONFIRM", - "url" : "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg" - }, - { - "name" : "36970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36970" - }, - { - "name" : "ADV-2009-3188", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 
8720-2xx and 8730-2xx have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36970" + }, + { + "name": "ADV-2009-3188", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3188" + }, + { + "name": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg", + "refsource": "CONFIRM", + "url": "ftp://download2.boulder.ibm.com/ecc/sar/CMA/XSA/00pj6/0/ibm_fw_amm_bbet50g_anyos_noarch.chg" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0008.json b/2015/0xxx/CVE-2015-0008.json index 6cf8f84e501..1217bbd31a3 100644 --- a/2015/0xxx/CVE-2015-0008.json +++ b/2015/0xxx/CVE-2015-0008.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka \"Group Policy Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/", - "refsource" : "MISC", - "url" : "https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx", - "refsource" : "CONFIRM", - "url" : 
"http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx" - }, - { - "name" : "MS15-011", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-011" - }, - { - "name" : "VU#787252", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/787252" - }, - { - "name" : "72477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72477" - }, - { - "name" : "1031719", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031719" - }, - { - "name" : "ms-grouppolicy-cve20150008-code-exec(100426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka \"Group Policy Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-011", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-011" + }, + { + "name": "VU#787252", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/787252" + }, + { + "name": "ms-grouppolicy-cve20150008-code-exec(100426)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/100426" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx" + }, + { + "name": "1031719", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031719" + }, + { + "name": "72477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72477" + }, + { + "name": "https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/", + "refsource": "MISC", + "url": "https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0873.json b/2015/0xxx/CVE-2015-0873.json index 31144d31f4d..51c34909b43 100644 --- a/2015/0xxx/CVE-2015-0873.json +++ b/2015/0xxx/CVE-2015-0873.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-0873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#96155055", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN96155055/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#96155055", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN96155055/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0980.json b/2015/0xxx/CVE-2015-0980.json index e49abc65f74..8052fb37fb8 100644 --- a/2015/0xxx/CVE-2015-0980.json +++ b/2015/0xxx/CVE-2015-0980.json 
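Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `vultures@jpcert.or.jp` in the CVE-2015-0873 hunk, and it is the only semantic change there; every other line differs only in the spacing before the colon and the indentation. Consumers that attribute or filter records by CNA will see the record change owner, so the reassignment should be reviewable on its own, either by landing the whitespace normalisation as a separate commit or by naming the new assigner in the commit message. The same applies to the hunks for CVE-2015-0980 (`ics-cert@hq.dhs.gov`) and for CVE-2015-4851, CVE-2015-4880 and CVE-2015-4900 (`secalert_us@oracle.com`).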
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-0980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-03" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4173.json b/2015/4xxx/CVE-2015-4173.json index 73939525332..189acf77f13 100644 --- a/2015/4xxx/CVE-2015-4173.json +++ b/2015/4xxx/CVE-2015-4173.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150824 Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536303/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html" - }, - { - "name" : "https://support.software.dell.com/product-notification/157537", - "refsource" : "CONFIRM", - "url" : 
"https://support.software.dell.com/product-notification/157537" - }, - { - "name" : "1033417", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html" + }, + { + "name": "20150824 Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536303/100/0/threaded" + }, + { + "name": "1033417", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033417" + }, + { + "name": "https://support.software.dell.com/product-notification/157537", + "refsource": "CONFIRM", + "url": "https://support.software.dell.com/product-notification/157537" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4851.json b/2015/4xxx/CVE-2015-4851.json index a50c2e7f98d..2ba6306c909 100644 --- a/2015/4xxx/CVE-2015-4851.json +++ b/2015/4xxx/CVE-2015-4851.json 
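Review bot: The `reference_data` array in CVE-2015-4173 is re-emitted in a different order (MISC, BUGTRAQ, SECTRACK, CONFIRM instead of BUGTRAQ, MISC, CONFIRM, SECTRACK) with no entry added or removed. An order that shifts between syncs makes a real change, such as a swapped or dropped advisory URL, hard to spot in the diff. Sorting the array on a fixed key before writing, for example by `refsource` and then `name`, would keep later diffs limited to actual reference changes. The same reordering without content change appears in the hunks for CVE-2015-4851, CVE-2015-4900, CVE-2015-8833 and CVE-2015-8857.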
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/oramipp_lpr." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151029 [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536790/100/0/threaded" - }, - { - "name" : "20151030 [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Oct/113" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-15-030-oracle-e-business-suite-xxe/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-15-030-oracle-e-business-suite-xxe/" - }, - { - "name" : "http://packetstormsecurity.com/files/134119/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134119/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "77244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77244" - }, - { - "name" : "1033877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 
the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/oramipp_lpr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033877" + }, + { + "name": "https://erpscan.io/advisories/erpscan-15-030-oracle-e-business-suite-xxe/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-15-030-oracle-e-business-suite-xxe/" + }, + { + "name": "20151030 [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Oct/113" + }, + { + "name": "http://packetstormsecurity.com/files/134119/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134119/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "77244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77244" + }, + { + "name": "20151029 [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536790/100/0/threaded" + } + ] + } +} \ 
No newline at end of file diff --git a/2015/4xxx/CVE-2015-4880.json b/2015/4xxx/CVE-2015-4880.json index 6394556f272..c38f29e4459 100644 --- a/2015/4xxx/CVE-2015-4880.json +++ b/2015/4xxx/CVE-2015-4880.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4867." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a 
different vulnerability than CVE-2015-4867." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1033898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033898" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4900.json b/2015/4xxx/CVE-2015-4900.json index 032853bf08f..19cc78d2e6f 100644 --- a/2015/4xxx/CVE-2015-4900.json +++ b/2015/4xxx/CVE-2015-4900.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033883", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via 
unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033883", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033883" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8132.json b/2015/8xxx/CVE-2015-8132.json index 5cf7bb3fa7a..1776afdb88d 100644 --- a/2015/8xxx/CVE-2015-8132.json +++ b/2015/8xxx/CVE-2015-8132.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8132", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7263. Reason: This candidate is a reservation duplicate of CVE-2015-7263. Notes: All CVE users should reference CVE-2015-7263 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8132", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7263. Reason: This candidate is a reservation duplicate of CVE-2015-7263. Notes: All CVE users should reference CVE-2015-7263 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file 
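Review bot: The rewritten CVE-2015-8132 record uses a different key order from the other files in this range: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas neighbouring records such as CVE-2015-8347 keep their keys alphabetical. Key order carries no meaning in JSON, but the mismatch suggests this record went through a different writer (inferred, not visible here), and it defeats byte-level comparison or hashing across records. Serialising with sorted keys, so the record opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`, would keep it consistent with the rest.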
diff --git a/2015/8xxx/CVE-2015-8347.json b/2015/8xxx/CVE-2015-8347.json index ffe5df14b20..f7673ae117b 100644 --- a/2015/8xxx/CVE-2015-8347.json +++ b/2015/8xxx/CVE-2015-8347.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8347", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8347", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8788.json b/2015/8xxx/CVE-2015-8788.json index a349dbe257c..0a7eab523f4 100644 --- a/2015/8xxx/CVE-2015-8788.json +++ b/2015/8xxx/CVE-2015-8788.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8788", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8788", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8833.json b/2015/8xxx/CVE-2015-8833.json index b2d4822f164..131f3ea2c21 100644 --- a/2015/8xxx/CVE-2015-8833.json +++ b/2015/8xxx/CVE-2015-8833.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the \"Authenticate buddy\" menu item." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[OTR-users] 20160309 New releases of libotr (4.1.1) and pidgin-otr (4.0.2) available", - "refsource" : "MLIST", - "url" : "https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002582.html" - }, - { - "name" : "[oss-security] 20160309 Heap use after free in Pidgin-OTR plugin", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/09/8" - }, - { - "name" : "[oss-security] 20160309 Re: Heap use after free in Pidgin-OTR plugin", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/09/13" - }, - { - "name" : 
"https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html" - }, - { - "name" : "https://bugs.otr.im/issues/128", - "refsource" : "CONFIRM", - "url" : "https://bugs.otr.im/issues/128" - }, - { - "name" : "https://bugs.otr.im/issues/88", - "refsource" : "CONFIRM", - "url" : "https://bugs.otr.im/issues/88" - }, - { - "name" : "https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94", - "refsource" : "CONFIRM", - "url" : "https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94" - }, - { - "name" : "DSA-3528", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3528" - }, - { - "name" : "GLSA-201701-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-10" - }, - { - "name" : "SUSE-SU-2016:0912", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00095.html" - }, - { - "name" : "openSUSE-SU-2016:0878", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html" - }, - { - "name" : "84295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the \"Authenticate buddy\" menu item." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3528", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3528" + }, + { + "name": "SUSE-SU-2016:0912", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00095.html" + }, + { + "name": "[OTR-users] 20160309 New releases of libotr (4.1.1) and pidgin-otr (4.0.2) available", + "refsource": "MLIST", + "url": "https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002582.html" + }, + { + "name": "https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94", + "refsource": "CONFIRM", + "url": "https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94" + }, + { + "name": "https://bugs.otr.im/issues/128", + "refsource": "CONFIRM", + "url": "https://bugs.otr.im/issues/128" + }, + { + "name": "https://bugs.otr.im/issues/88", + "refsource": "CONFIRM", + "url": "https://bugs.otr.im/issues/88" + }, + { + "name": "https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html" + }, + { + "name": "GLSA-201701-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-10" + }, + { + "name": "openSUSE-SU-2016:0878", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html" + }, + { + "name": "[oss-security] 20160309 Re: Heap use after free in Pidgin-OTR plugin", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/09/13" + }, + { + "name": "84295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84295" + }, + { + "name": "[oss-security] 20160309 Heap use after 
free in Pidgin-OTR plugin", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/09/8" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8857.json b/2015/8xxx/CVE-2015-8857.json index 7aadbc7410f..29c84984c54 100644 --- a/2015/8xxx/CVE-2015-8857.json +++ b/2015/8xxx/CVE-2015-8857.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160420 various vulnerabilities in Node.js packages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/20/11" - }, - { - "name" : "https://nodesecurity.io/advisories/39", - "refsource" : "CONFIRM", - "url" : "https://nodesecurity.io/advisories/39" - }, - { - "name" : "96410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The uglify-js package before 2.4.24 for Node.js does not properly 
account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96410" + }, + { + "name": "https://nodesecurity.io/advisories/39", + "refsource": "CONFIRM", + "url": "https://nodesecurity.io/advisories/39" + }, + { + "name": "[oss-security] 20160420 various vulnerabilities in Node.js packages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/20/11" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9124.json b/2015/9xxx/CVE-2015-9124.json index bbc11a600ce..3e8e59ce44e 100644 --- a/2015/9xxx/CVE-2015-9124.json +++ b/2015/9xxx/CVE-2015-9124.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, the device may crash while accessing an invalid pointer or expose otherwise inaccessible memory contents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in Core." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, the device may crash while accessing an invalid pointer or expose otherwise inaccessible memory contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in Core." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5699.json b/2016/5xxx/CVE-2016-5699.json index 8a991e853cf..56349327ac8 100644 --- a/2016/5xxx/CVE-2016-5699.json +++ b/2016/5xxx/CVE-2016-5699.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-5699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160614 CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/14/7" - }, - { - "name" : "[oss-security] 20160615 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/15/12" - }, - { - "name" : "[oss-security] 20160616 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/16/2" - }, - { - "name" : 
"[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html" - }, - { - "name" : "http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html", - "refsource" : "MISC", - "url" : "http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html" - }, - { - "name" : "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4", - "refsource" : "CONFIRM", - "url" : "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4" - }, - { - "name" : "https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS", - "refsource" : "CONFIRM", - "url" : "https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS" - }, - { - "name" : "https://hg.python.org/cpython/rev/1c45047c5102", - "refsource" : "CONFIRM", - "url" : "https://hg.python.org/cpython/rev/1c45047c5102" - }, - { - "name" : "https://hg.python.org/cpython/rev/bf3e1c9b80e9", - "refsource" : "CONFIRM", - "url" : "https://hg.python.org/cpython/rev/bf3e1c9b80e9" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "http://www.splunk.com/view/SP-CAAAPSV", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAPSV" - }, - { - "name" : "http://www.splunk.com/view/SP-CAAAPUE", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAPUE" - }, - { - "name" : "RHSA-2016:1626", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1626.html" - }, - { - "name" : "RHSA-2016:1627", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1627.html" - }, - { - "name" : "RHSA-2016:1628", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1628.html" - }, - { - "name" : "RHSA-2016:1629", - 
"refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1629.html" - }, - { - "name" : "RHSA-2016:1630", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1630.html" - }, - { - "name" : "91226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.splunk.com/view/SP-CAAAPUE", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAPUE" + }, + { + "name": "https://hg.python.org/cpython/rev/1c45047c5102", + "refsource": "CONFIRM", + "url": "https://hg.python.org/cpython/rev/1c45047c5102" + }, + { + "name": "RHSA-2016:1630", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1630.html" + }, + { + "name": "RHSA-2016:1627", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1627.html" + }, + { + "name": "https://hg.python.org/cpython/rev/bf3e1c9b80e9", + "refsource": "CONFIRM", + "url": "https://hg.python.org/cpython/rev/bf3e1c9b80e9" + }, + { + "name": "RHSA-2016:1629", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1629.html" + }, + { + "name": "http://www.splunk.com/view/SP-CAAAPSV", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAPSV" + }, + { + "name": "[oss-security] 20160616 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", + "refsource": "MLIST", + 
"url": "http://www.openwall.com/lists/oss-security/2016/06/16/2" + }, + { + "name": "[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS", + "refsource": "CONFIRM", + "url": "https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS" + }, + { + "name": "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4", + "refsource": "CONFIRM", + "url": "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4" + }, + { + "name": "[oss-security] 20160615 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/15/12" + }, + { + "name": "http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html", + "refsource": "MISC", + "url": "http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html" + }, + { + "name": "[oss-security] 20160614 CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/14/7" + }, + { + "name": "91226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91226" + }, + { + "name": "RHSA-2016:1628", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1628.html" + }, + { + "name": "RHSA-2016:1626", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/1002xxx/CVE-2018-1002104.json b/2018/1002xxx/CVE-2018-1002104.json index 01690905756..b19f709f74a 100644 --- a/2018/1002xxx/CVE-2018-1002104.json +++ b/2018/1002xxx/CVE-2018-1002104.json @@ -1,19 +1,19 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2018-09-26", - "ID" : "CVE-2018-1002104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-09-26", + "ID": "CVE-2018-1002104", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999018.json b/2018/1999xxx/CVE-2018-1999018.json index 0a62945b101..cf1dd3b3572 100644 --- a/2018/1999xxx/CVE-2018-1999018.json +++ b/2018/1999xxx/CVE-2018-1999018.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-20T20:44:32.985224", - "DATE_REQUESTED" : "2018-07-17T04:00:28", - "ID" : "CVE-2018-1999018", - "REQUESTER" : "mike.gualtieri@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pydio", - "version" : { - "version_data" : [ - { - "version_value" : "8.2.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Pydio" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unvalidated user input leading to Remote Code Execution (RCE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-20T20:44:32.985224", + "DATE_REQUESTED": "2018-07-17T04:00:28", + "ID": "CVE-2018-1999018", + "REQUESTER": "mike.gualtieri@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt", - "refsource" : "MISC", - "url" : "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt", + "refsource": "MISC", + "url": "https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2664.json b/2018/2xxx/CVE-2018-2664.json index b2b5c38a3c8..5893c3aaa7d 100644 --- a/2018/2xxx/CVE-2018-2664.json +++ b/2018/2xxx/CVE-2018-2664.json 
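Review bot: The new side of the CVE-2018-1999018.json hunk overwrites the populated `affects` entries (`product_name` and `vendor_name` "Pydio", `version_value` "8.2.1 and prior") and the `problemtype` value with `n/a`, so the record loses its only machine-readable product and version data while the free-text description still names Pydio 8.2.1 and prior. Tooling that matches advisories to an inventory on the structured fields would presumably stop matching this entry. If the overwrite is not intended, the old values should be kept, e.g. `"product_name": "Pydio"`, `"version_value": "8.2.1 and prior"` and `"vendor_name": "Pydio"`. The same hunk also changes `ASSIGNER` from `kurt@seifried.org` to `cve@mitre.org`, and the CVE-2016-5699.json hunk changes it from `cve@mitre.org` to `secalert@redhat.com`. Both edits sit inside a whole-file re-indent and a reshuffle of `reference_data`, so a sync step that reports field-level changes separately from formatting would make them reviewable.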
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sun ZFS Storage Appliance Kit (AK) Software", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "8.7.13" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.7.13" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102594" - }, - { - "name" : "1040215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040215" + }, + { + "name": "102594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102594" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6639.json b/2018/6xxx/CVE-2018-6639.json index cac438287f0..265b6e2fa19 100644 --- a/2018/6xxx/CVE-2018-6639.json +++ b/2018/6xxx/CVE-2018-6639.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dessci.com/en/dl/", - "refsource" : "MISC", - "url" : "http://www.dessci.com/en/dl/" - }, - { - "name" : "https://drive.google.com/open?id=175_n6KhbOUlu9l0ySw-8QYk0oQbAaoZV", - "refsource" : "MISC", - "url" : "https://drive.google.com/open?id=175_n6KhbOUlu9l0ySw-8QYk0oQbAaoZV" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drive.google.com/open?id=175_n6KhbOUlu9l0ySw-8QYk0oQbAaoZV", + "refsource": "MISC", + "url": "https://drive.google.com/open?id=175_n6KhbOUlu9l0ySw-8QYk0oQbAaoZV" + }, + { + "name": "http://www.dessci.com/en/dl/", + "refsource": "MISC", + "url": "http://www.dessci.com/en/dl/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6692.json b/2018/6xxx/CVE-2018-6692.json index 8d733511ede..5ecedae11bc 100644 --- a/2018/6xxx/CVE-2018-6692.json +++ b/2018/6xxx/CVE-2018-6692.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2018-6692", - "STATE" : "PUBLIC", - "TITLE" : "Wemo Insight Smart Plug - Remote Code Execution vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Wemo Insight Smart Plug ", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "platform" : "MIPS", - "version_name" : "WeMo_WW_2.00.11054.PVT-OWRT-Insight", - "version_value" : "2.00.11054" - } - ] - } - } - ] - }, - "vendor_name" : "Belkin" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Doug McKee and the McAfee Advanced Threat Research team." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.9, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based Buffer Overflow vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2018-6692", + "STATE": "PUBLIC", + "TITLE": "Wemo Insight Smart Plug - Remote Code Execution vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wemo Insight Smart Plug ", + "version": { + "version_data": [ + { + "affected": "<=", + "platform": "MIPS", + "version_name": "WeMo_WW_2.00.11054.PVT-OWRT-Insight", + "version_value": "2.00.11054" + } + ] + } + } + ] + }, + "vendor_name": "Belkin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securingtomorrow.mcafee.com/mcafee-labs/insight-into-home-automation-reveals-vulnerability-in-simple-iot-product", - "refsource" : "CONFIRM", - "url" : "https://securingtomorrow.mcafee.com/mcafee-labs/insight-into-home-automation-reveals-vulnerability-in-simple-iot-product" - } - ] - }, - "source" : { - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Doug McKee and the McAfee Advanced Threat Research team." 
+ } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securingtomorrow.mcafee.com/mcafee-labs/insight-into-home-automation-reveals-vulnerability-in-simple-iot-product", + "refsource": "CONFIRM", + "url": "https://securingtomorrow.mcafee.com/mcafee-labs/insight-into-home-automation-reveals-vulnerability-in-simple-iot-product" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7114.json b/2018/7xxx/CVE-2018-7114.json index 8b91cf655dc..78cfad37793 100644 --- a/2018/7xxx/CVE-2018-7114.json +++ b/2018/7xxx/CVE-2018-7114.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE Intelligent Management Center (IMC)", - "version" : { - "version_data" : [ - { - "version_value" : "prior to IMC PLAT 7.3 (E0605P06)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE Intelligent Management Center (IMC)", + "version": { + "version_data": [ + { + "version_value": "prior to IMC PLAT 7.3 (E0605P06)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03906en_us", - "refsource" : "MISC", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03906en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us" - }, - { - "name" : "106211", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/106211" - }, - { - "name" : "1042182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042182" + }, + { + "name": "106211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106211" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03906en_us", + "refsource": "MISC", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03906en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7178.json b/2018/7xxx/CVE-2018-7178.json index 92839b39fb2..3ae63ef1744 100644 --- a/2018/7xxx/CVE-2018-7178.json +++ b/2018/7xxx/CVE-2018-7178.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44136", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44136", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44136" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7610.json b/2018/7xxx/CVE-2018-7610.json index 9728498072b..cab78d3e5f3 100644 
--- a/2018/7xxx/CVE-2018-7610.json +++ b/2018/7xxx/CVE-2018-7610.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7610", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7610", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1189.json b/2019/1xxx/CVE-2019-1189.json index a2a4fb02c10..fca23a09011 100644 --- a/2019/1xxx/CVE-2019-1189.json +++ b/2019/1xxx/CVE-2019-1189.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1189", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1189", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1586.json b/2019/1xxx/CVE-2019-1586.json index e7b4dc69a48..b074e3081f2 100644 --- a/2019/1xxx/CVE-2019-1586.json +++ b/2019/1xxx/CVE-2019-1586.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1586", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1586", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1678.json b/2019/1xxx/CVE-2019-1678.json index cd9cecea902..d09ed4b93fd 100644 --- a/2019/1xxx/CVE-2019-1678.json +++ b/2019/1xxx/CVE-2019-1678.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-02-06T16:00:00-0800", - "ID" : "CVE-2019-1678", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Meeting Server Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Meeting Server ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact" : { - "cvss" : { - "baseScore" : "4.3", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-02-06T16:00:00-0800", + "ID": "CVE-2019-1678", + "STATE": "PUBLIC", + "TITLE": "Cisco Meeting Server Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Meeting Server ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.4.3" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190206 Cisco Meeting Server Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cms-dos" - }, - { - "name" : "106943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106943" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190206-cms-dos", - "defect" : [ - [ - "CSCvn16684" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. 
Versions prior to 2.4.3 are affected." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106943" + }, + { + "name": "20190206 Cisco Meeting Server Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cms-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190206-cms-dos", + "defect": [ + [ + "CSCvn16684" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1889.json b/2019/1xxx/CVE-2019-1889.json index 34e81575861..23182bbfd75 100644 --- a/2019/1xxx/CVE-2019-1889.json +++ b/2019/1xxx/CVE-2019-1889.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1889", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1889", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5211.json b/2019/5xxx/CVE-2019-5211.json index bdc545a8ab2..e711b1fd808 100644 --- a/2019/5xxx/CVE-2019-5211.json +++ b/2019/5xxx/CVE-2019-5211.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5211", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5211", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5442.json b/2019/5xxx/CVE-2019-5442.json index aca78c57717..4766c766b2b 100644 --- a/2019/5xxx/CVE-2019-5442.json +++ b/2019/5xxx/CVE-2019-5442.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5442", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5442", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5595.json b/2019/5xxx/CVE-2019-5595.json index 30d493df698..fbba9750cf1 100644 --- a/2019/5xxx/CVE-2019-5595.json +++ b/2019/5xxx/CVE-2019-5595.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "ID" : "CVE-2019-5595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "FreeBSD 11.2 before 11.2-RELEASE-p9 and 12.0 before 12.0-RELEASE-p3" - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Cross-boundary Removal of Sensitive Data" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2019-5595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "FreeBSD 11.2 before 11.2-RELEASE-p9 and 12.0 before 12.0-RELEASE-p3" + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-19:01", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized 
before return from system calls, potentially allowing some kernel data used in the system call to be exposed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Cross-boundary Removal of Sensitive Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-19:01", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5866.json b/2019/5xxx/CVE-2019-5866.json index 59be8226d92..319f27aa6e9 100644 --- a/2019/5xxx/CVE-2019-5866.json +++ b/2019/5xxx/CVE-2019-5866.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5866", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5866", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file