From bc45a8c239bcc2e48fa6fb32fba5733c5a1ff6c6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:09:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0069.json | 130 +++++------ 1999/0xxx/CVE-1999-0825.json | 120 +++++----- 1999/1xxx/CVE-1999-1014.json | 150 ++++++------- 2005/2xxx/CVE-2005-2315.json | 150 ++++++------- 2005/2xxx/CVE-2005-2637.json | 150 ++++++------- 2007/1xxx/CVE-2007-1532.json | 170 +++++++------- 2007/5xxx/CVE-2007-5087.json | 170 +++++++------- 2007/5xxx/CVE-2007-5272.json | 160 ++++++------- 2007/5xxx/CVE-2007-5549.json | 130 +++++------ 2007/5xxx/CVE-2007-5940.json | 180 +++++++-------- 2007/5xxx/CVE-2007-5991.json | 150 ++++++------- 2009/2xxx/CVE-2009-2543.json | 150 ++++++------- 2009/2xxx/CVE-2009-2744.json | 150 ++++++------- 2015/0xxx/CVE-2015-0279.json | 150 ++++++------- 2015/0xxx/CVE-2015-0825.json | 200 ++++++++--------- 2015/3xxx/CVE-2015-3024.json | 34 +-- 2015/3xxx/CVE-2015-3216.json | 210 ++++++++--------- 2015/4xxx/CVE-2015-4083.json | 34 +-- 2015/4xxx/CVE-2015-4136.json | 34 +-- 2015/4xxx/CVE-2015-4325.json | 130 +++++------ 2015/4xxx/CVE-2015-4660.json | 150 ++++++------- 2015/8xxx/CVE-2015-8009.json | 140 ++++++------ 2015/8xxx/CVE-2015-8175.json | 34 +-- 2015/8xxx/CVE-2015-8433.json | 210 ++++++++--------- 2015/9xxx/CVE-2015-9003.json | 140 ++++++------ 2015/9xxx/CVE-2015-9186.json | 132 +++++------ 2016/1xxx/CVE-2016-1838.json | 350 ++++++++++++++--------------- 2016/5xxx/CVE-2016-5302.json | 140 ++++++------ 2016/5xxx/CVE-2016-5541.json | 172 +++++++------- 2016/5xxx/CVE-2016-5742.json | 160 ++++++------- 2016/5xxx/CVE-2016-5992.json | 140 ++++++------ 2018/1999xxx/CVE-2018-1999030.json | 126 +++++------ 2018/2xxx/CVE-2018-2178.json | 34 +-- 2018/2xxx/CVE-2018-2304.json | 34 +-- 2018/2xxx/CVE-2018-2818.json | 238 ++++++++++---------- 2018/2xxx/CVE-2018-2968.json | 130 +++++------ 2018/6xxx/CVE-2018-6504.json | 186 +++++++-------- 2018/6xxx/CVE-2018-6781.json | 120 +++++----- 2019/0xxx/CVE-2019-0156.json | 34 +-- 2019/0xxx/CVE-2019-0908.json | 34 +-- 2019/1xxx/CVE-2019-1060.json | 34 +-- 2019/1xxx/CVE-2019-1504.json | 34 +-- 2019/1xxx/CVE-2019-1804.json | 34 +-- 2019/1xxx/CVE-2019-1880.json | 34 +-- 2019/5xxx/CVE-2019-5340.json | 34 +-- 2019/5xxx/CVE-2019-5370.json | 34 +-- 2019/5xxx/CVE-2019-5769.json | 152 ++++++------- 47 files changed, 2906 insertions(+), 2906 deletions(-) diff --git a/1999/0xxx/CVE-1999-0069.json b/1999/0xxx/CVE-1999-0069.json index 06b9620594d..2b0c841c6e3 100644 --- a/1999/0xxx/CVE-1999-0069.json +++ b/1999/0xxx/CVE-1999-0069.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Solaris ufsrestore buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00169", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169" - }, - { - "name" : "8158", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Solaris ufsrestore buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8158", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8158" + }, + { + "name": "00169", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0825.json b/1999/0xxx/CVE-1999-0825.json index 1dcd0d84534..9e7f88444e0 100644 --- a/1999/0xxx/CVE-1999-0825.json +++ b/1999/0xxx/CVE-1999-0825.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/849" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1014.json b/1999/1xxx/CVE-1999-1014.json index 19d8d80052e..d6ac532ed52 100644 --- a/1999/1xxx/CVE-1999-1014.json +++ b/1999/1xxx/CVE-1999-1014.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990913 Solaris 2.7 /usr/bin/mail", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93727925026476&w=2" - }, - { - "name" : "19990927 Working Solaris x86 /usr/bin/mail exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93846422810162&w=2" - }, - { - "name" : "sun-usrbinmail-local-bo(3297)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3297" - }, - { - "name" : "672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sun-usrbinmail-local-bo(3297)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3297" + }, + { + "name": "672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/672" + }, + { + "name": "19990913 Solaris 2.7 /usr/bin/mail", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93727925026476&w=2" + }, + { + "name": "19990927 Working Solaris x86 /usr/bin/mail exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93846422810162&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2315.json b/2005/2xxx/CVE-2005-2315.json index f28756953f2..fa3977148e9 100644 --- a/2005/2xxx/CVE-2005-2315.json +++ b/2005/2xxx/CVE-2005-2315.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=482568", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=482568" - }, - { - "name" : "http://www.FreeBSD.org/ports/portaudit/e72fd82b-fa01-11d9-bc08-0001020eed82.html", - "refsource" : "CONFIRM", - "url" : "http://www.FreeBSD.org/ports/portaudit/e72fd82b-fa01-11d9-bc08-0001020eed82.html" - }, - { - "name" : "1014557", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014557" - }, - { - "name" : "16142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014557", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014557" + }, + { + "name": "16142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16142" + }, + { + "name": "http://www.FreeBSD.org/ports/portaudit/e72fd82b-fa01-11d9-bc08-0001020eed82.html", + "refsource": "CONFIRM", + "url": "http://www.FreeBSD.org/ports/portaudit/e72fd82b-fa01-11d9-bc08-0001020eed82.html" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=482568", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=482568" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2637.json b/2005/2xxx/CVE-2005-2637.json index 85ef34524a5..89e49b030e1 100644 --- a/2005/2xxx/CVE-2005-2637.json +++ b/2005/2xxx/CVE-2005-2637.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050817 PHPFreeNews V1.40 and prior Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112439254700016&w=2" - }, - { - "name" : "14589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14589" - }, - { - "name" : "1014726", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014726" - }, - { - "name" : "16490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16490/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16490/" + }, + { + "name": "1014726", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014726" + }, + { + "name": "20050817 PHPFreeNews V1.40 and prior Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112439254700016&w=2" + }, + { + "name": "14589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14589" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1532.json b/2007/1xxx/CVE-2007-1532.json index bf5ed8bbfaa..0b7aaabd4c6 100644 --- a/2007/1xxx/CVE-2007-1532.json +++ b/2007/1xxx/CVE-2007-1532.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070313 New report on Windows Vista network attack surface", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462793/100/0/threaded" - }, - { - "name" : "20070403 Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464617/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf", - "refsource" : "MISC", - "url" : "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf" - }, - { - "name" : "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html", - "refsource" : "MISC", - "url" : "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html" - }, - { - "name" : "23293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23293" - }, - { - "name" : "33665", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf", + "refsource": "MISC", + "url": "http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf" + }, + { + "name": "20070313 New report on Windows Vista network attack surface", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462793/100/0/threaded" + }, + { + "name": "20070403 Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464617/100/0/threaded" + }, + { + "name": "33665", + "refsource": "OSVDB", + "url": "http://osvdb.org/33665" + }, + { + "name": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html", + "refsource": "MISC", + "url": "http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html" + }, + { + "name": "23293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23293" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5087.json b/2007/5xxx/CVE-2007-5087.json index 8cbe2e8e06f..57ecf2cb49b 100644 --- a/2007/5xxx/CVE-2007-5087.json +++ b/2007/5xxx/CVE-2007-5087.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.35.y.git;a=commitdiff;h=b7ae15e7707050baafe5a35e3d4f2d175197d222", - "refsource" : "MISC", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.35.y.git;a=commitdiff;h=b7ae15e7707050baafe5a35e3d4f2d175197d222" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3" - }, - { - "name" : "http://lwn.net/Articles/251162/", - "refsource" : "CONFIRM", - "url" : "http://lwn.net/Articles/251162/" - }, - { - "name" : "25798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25798" - }, - { - "name" : "ADV-2007-3246", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3246" - }, - { - "name" : "39237", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39237", + "refsource": "OSVDB", + "url": "http://osvdb.org/39237" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.35.y.git;a=commitdiff;h=b7ae15e7707050baafe5a35e3d4f2d175197d222", + "refsource": "MISC", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.35.y.git;a=commitdiff;h=b7ae15e7707050baafe5a35e3d4f2d175197d222" + }, + { + "name": "ADV-2007-3246", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3246" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3" + }, + { + "name": "http://lwn.net/Articles/251162/", + "refsource": "CONFIRM", + "url": "http://lwn.net/Articles/251162/" + }, + { + "name": "25798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25798" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5272.json b/2007/5xxx/CVE-2007-5272.json index 28054f8ec21..8d0c3cae2ea 100644 --- a/2007/5xxx/CVE-2007-5272.json +++ b/2007/5xxx/CVE-2007-5272.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4486", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4486" - }, - { - "name" : "25934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25934" - }, - { - "name" : "37457", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37457" - }, - { - "name" : "27070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27070" - }, - { - "name" : "furkan-kategori-sql-injection(36971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25934" + }, + { + "name": "4486", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4486" + }, + { + "name": "furkan-kategori-sql-injection(36971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36971" + }, + { + "name": "37457", + "refsource": "OSVDB", + "url": "http://osvdb.org/37457" + }, + { + "name": "27070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27070" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5549.json b/2007/5xxx/CVE-2007-5549.json index 116ce259e4d..9fc03ca33a7 100644 --- a/2007/5xxx/CVE-2007-5549.json +++ b/2007/5xxx/CVE-2007-5549.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified \"variation of an IOS command\" involving \"two different methods\", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.irmplc.com/index.php/111-Vendor-Alerts", - "refsource" : "MISC", - "url" : "http://www.irmplc.com/index.php/111-Vendor-Alerts" - }, - { - "name" : "45363", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified \"variation of an IOS command\" involving \"two different methods\", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irmplc.com/index.php/111-Vendor-Alerts", + "refsource": "MISC", + "url": "http://www.irmplc.com/index.php/111-Vendor-Alerts" + }, + { + "name": "45363", + "refsource": "OSVDB", + "url": "http://osvdb.org/45363" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5940.json b/2007/5xxx/CVE-2007-5940.json index c918a2ca5f0..d74a9c0415b 100644 --- a/2007/5xxx/CVE-2007-5940.json +++ b/2007/5xxx/CVE-2007-5940.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=198231", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=198231" - }, - { - "name" : "GLSA-200711-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-32.xml" - }, - { - "name" : "26507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26507" - }, - { - "name" : "ADV-2007-3974", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3974" - }, - { - "name" : "42397", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42397" - }, - { - "name" : "27737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27737" - }, - { - "name" : "27739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=198231", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=198231" + }, + { + "name": "27739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27739" + }, + { + "name": "GLSA-200711-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-32.xml" + }, + { + "name": "42397", + "refsource": "OSVDB", + "url": "http://osvdb.org/42397" + }, + { + "name": "27737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27737" + }, + { + "name": "ADV-2007-3974", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3974" + }, + { + "name": "26507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26507" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5991.json b/2007/5xxx/CVE-2007-5991.json index 138cddc7a17..45a1a642e14 100644 --- a/2007/5xxx/CVE-2007-5991.json +++ b/2007/5xxx/CVE-2007-5991.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071113 ExoPHPdesk user profile XSS / profile SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483673/100/0/threaded" - }, - { - "name" : "26431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26431" - }, - { - "name" : "3368", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3368" - }, - { - "name" : "exophpdesk-index-sql-injection(38448)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071113 ExoPHPdesk user profile XSS / profile SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483673/100/0/threaded" + }, + { + "name": "3368", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3368" + }, + { + "name": "26431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26431" + }, + { + "name": "exophpdesk-index-sql-injection(38448)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38448" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2543.json b/2009/2xxx/CVE-2009-2543.json index 1963f89cb67..7c426dc76da 100644 --- a/2009/2xxx/CVE-2009-2543.json +++ b/2009/2xxx/CVE-2009-2543.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allow remote attackers to bypass detection of malware via a modified (1) ZIP or (2) CAB archive, a related issue to CVE-2009-1240." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090715 Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504987/100/0/threaded" - }, - { - "name" : "20090716 Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504995/100/0/threaded" - }, - { - "name" : "20090716 Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504992/100/0/threaded" - }, - { - "name" : "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417", - "refsource" : "MISC", - "url" : "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allow remote attackers to bypass detection of malware via a modified (1) ZIP or (2) CAB archive, a related issue to CVE-2009-1240." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090716 Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded" + }, + { + "name": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417", + "refsource": "MISC", + "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417" + }, + { + "name": "20090715 Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded" + }, + { + "name": "20090716 Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2744.json b/2009/2xxx/CVE-2009-2744.json index 3fd4498f323..43315ee1f73 100644 --- a/2009/2xxx/CVE-2009-2744.json +++ b/2009/2xxx/CVE-2009-2744.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to \"an error in fixpacks 6.1.0.23 and 6.1.0.25.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "MISC", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "PK91709", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK91709" - }, - { - "name" : "ADV-2009-2721", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2721" - }, - { - "name" : "was-unspecified-dos(53344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to \"an error in fixpacks 6.1.0.23 and 6.1.0.25.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PK91709", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK91709" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "MISC", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "was-unspecified-dos(53344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53344" + }, + { + "name": "ADV-2009-2721", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2721" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0279.json b/2015/0xxx/CVE-2015-0279.json index 99a4b85b85a..b0efb0656a1 100644 --- a/2015/0xxx/CVE-2015-0279.json +++ b/2015/0xxx/CVE-2015-0279.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192140", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192140" - }, - { - "name" : "RHSA-2015:0719", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0719.html" - }, - { - "name" : "JVN#56297719", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN56297719/index.html" - }, - { - "name" : "JVNDB-2015-001959", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192140" + }, + { + "name": "RHSA-2015:0719", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0719.html" + }, + { + "name": "JVN#56297719", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN56297719/index.html" + }, + { + "name": "JVNDB-2015-001959", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-001959.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0825.json b/2015/0xxx/CVE-2015-0825.json index 351845f7f4a..702701d32f9 100644 --- a/2015/0xxx/CVE-2015-0825.json +++ b/2015/0xxx/CVE-2015-0825.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-21.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1092370", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1092370" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2015:0404", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:0570", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" - }, - { - "name" : "USN-2505-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2505-1" - }, - { - "name" : "72751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72751" - }, - { - "name" : "1031791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72751" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "openSUSE-SU-2015:0404", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-21.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-21.html" + }, + { + "name": "1031791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031791" + }, + { + "name": "openSUSE-SU-2015:0570", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" + }, + { + "name": "USN-2505-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2505-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1092370", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1092370" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3024.json b/2015/3xxx/CVE-2015-3024.json index edfbda125df..02cc743331a 100644 --- a/2015/3xxx/CVE-2015-3024.json +++ b/2015/3xxx/CVE-2015-3024.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3024", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3024", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3216.json b/2015/3xxx/CVE-2015-3216.json index 29ad4c8b120..bbded360832 100644 --- a/2015/3xxx/CVE-2015-3216.json +++ b/2015/3xxx/CVE-2015-3216.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1225994", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1225994" - }, - { - "name" : "RHSA-2015:1115", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1115.html" - }, - { - "name" : "RHSA-2016:2957", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html" - }, - { - "name" : "SUSE-SU-2015:1143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" - }, - { - "name" : "SUSE-SU-2015:1150", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:1182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:1184", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:1139", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" - }, - { - "name" : "75219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75219" - }, - { - "name" : "1032587", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1184", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" + }, + { + "name": "1032587", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032587" + }, + { + "name": "SUSE-SU-2015:1150", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" + }, + { + "name": "RHSA-2015:1115", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html" + }, + { + "name": "SUSE-SU-2015:1182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" + }, + { + "name": "SUSE-SU-2015:1143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" + }, + { + "name": "75219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75219" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1225994", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225994" + }, + { + "name": "RHSA-2016:2957", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" + }, + { + "name": "openSUSE-SU-2015:1139", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4083.json b/2015/4xxx/CVE-2015-4083.json index 557190ff8a6..4b4f7c44f4e 100644 --- a/2015/4xxx/CVE-2015-4083.json +++ b/2015/4xxx/CVE-2015-4083.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4083", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4083", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4136.json b/2015/4xxx/CVE-2015-4136.json index 0608efa01dd..2157d188c53 100644 --- a/2015/4xxx/CVE-2015-4136.json +++ b/2015/4xxx/CVE-2015-4136.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4136", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4136", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4325.json b/2015/4xxx/CVE-2015-4325.json index 96b1a709f39..e0fd1916fce 100644 --- a/2015/4xxx/CVE-2015-4325.json +++ b/2015/4xxx/CVE-2015-4325.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151006 Cisco TelePresence Video Communication Server (VCS) Expressway Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151006-vcs" - }, - { - "name" : "1033751", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151006 Cisco TelePresence Video Communication Server (VCS) Expressway Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151006-vcs" + }, + { + "name": "1033751", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033751" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4660.json b/2015/4xxx/CVE-2015-4660.json index 9a8c1ba08e6..a1554e39663 100644 --- a/2015/4xxx/CVE-2015-4660.json +++ b/2015/4xxx/CVE-2015-4660.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150602 Enhanced SQL Portal 5.0.7961 XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535661/100/0/threaded" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/132122/Enhanced-SQL-Portal-5.0.7961-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132122/Enhanced-SQL-Portal-5.0.7961-Cross-Site-Scripting.html" - }, - { - "name" : "74946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt" + }, + { + "name": "74946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74946" + }, + { + "name": "20150602 Enhanced SQL Portal 5.0.7961 XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535661/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/132122/Enhanced-SQL-Portal-5.0.7961-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132122/Enhanced-SQL-Portal-5.0.7961-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8009.json b/2015/8xxx/CVE-2015-8009.json index 4152584e1e2..78f345e3479 100644 --- a/2015/8xxx/CVE-2015-8009.json +++ b/2015/8xxx/CVE-2015-8009.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/29/14" - }, - { - "name" : "https://phabricator.wikimedia.org/T103023", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T103023" - }, - { - "name" : "1034028", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034028", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034028" + }, + { + "name": "https://phabricator.wikimedia.org/T103023", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T103023" + }, + { + "name": "[oss-security] 20151029 Re: CVE Request: MediaWiki 1.25.3, 1.24.4 and 1.23.11", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/10/29/14" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8175.json b/2015/8xxx/CVE-2015-8175.json index a61b7657658..5312605e90e 100644 --- a/2015/8xxx/CVE-2015-8175.json +++ b/2015/8xxx/CVE-2015-8175.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8175", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8175", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8433.json b/2015/8xxx/CVE-2015-8433.json index a9db3fa121c..47032a3b4b4 100644 --- a/2015/8xxx/CVE-2015-8433.json +++ b/2015/8xxx/CVE-2015-8433.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9003.json b/2015/9xxx/CVE-2015-9003.json index 3a902287b5b..58d0e19d716 100644 --- a/2015/9xxx/CVE-2015-9003.json +++ b/2015/9xxx/CVE-2015-9003.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2015-9003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm Products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cryptographic Issues in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-9003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm Products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97329" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptographic Issues in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97329" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9186.json b/2015/9xxx/CVE-2015-9186.json index 46d31a6fe44..2019cce88ca 100644 --- a/2015/9xxx/CVE-2015-9186.json +++ b/2015/9xxx/CVE-2015-9186.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady API function, a buffer over-read can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady API function, a buffer over-read can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1838.json b/2016/1xxx/CVE-2016-1838.json index 5e82ae9cbf0..dea94507bb4 100644 --- a/2016/1xxx/CVE-2016-1838.json +++ b/2016/1xxx/CVE-2016-1838.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=639", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=639" - }, - { - "name" : "https://support.apple.com/HT206564", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206564" - }, - { - "name" : "https://support.apple.com/HT206566", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206566" - }, - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "https://support.apple.com/HT206568", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206568" - }, - { - "name" : "http://xmlsoft.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://xmlsoft.org/news.html" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=758588", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=758588" - }, - { - "name" : "https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10170", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10170" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - }, - { - "name" : "APPLE-SA-2016-05-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2016-05-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" - }, - { - "name" : "APPLE-SA-2016-05-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "DSA-3593", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2016/dsa-3593" - }, - { - "name" : "GLSA-201701-37", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-37" - }, - { - "name" : "RHSA-2016:1292", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1292" - }, - { - "name" : "RHSA-2016:2957", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html" - }, - { - "name" : "USN-2994-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2994-1" - }, - { - "name" : "90691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90691" - }, - { - "name" : "1035890", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10170", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10170" + }, + { + "name": "RHSA-2016:1292", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1292" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "90691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90691" + }, + { + "name": "DSA-3593", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2016/dsa-3593" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=758588", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758588" + }, + { + "name": "http://xmlsoft.org/news.html", + "refsource": "CONFIRM", + "url": "http://xmlsoft.org/news.html" + }, + { + "name": "https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "USN-2994-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2994-1" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=639", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=639" + }, + { + "name": "https://support.apple.com/HT206566", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206566" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + }, + { + "name": "APPLE-SA-2016-05-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html" + }, + { + "name": "https://support.apple.com/HT206564", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206564" + }, + { + "name": "RHSA-2016:2957", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" + }, + { + "name": "GLSA-201701-37", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-37" + }, + { + "name": "1035890", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035890" + }, + { + "name": "APPLE-SA-2016-05-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" + }, + { + "name": "https://support.apple.com/HT206568", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206568" + }, + { + "name": "APPLE-SA-2016-05-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5302.json b/2016/5xxx/CVE-2016-5302.json index 4a14d5bd8e3..b40e42e75a8 100644 --- a/2016/5xxx/CVE-2016-5302.json +++ b/2016/5xxx/CVE-2016-5302.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to \"compromise\" a host by leveraging credentials for an Active Directory account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX213549", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX213549" - }, - { - "name" : "https://support.citrix.com/article/CTX213769", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX213769" - }, - { - "name" : "1036082", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to \"compromise\" a host by leveraging credentials for an Active Directory account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX213769", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX213769" + }, + { + "name": "1036082", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036082" + }, + { + "name": "http://support.citrix.com/article/CTX213549", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX213549" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5541.json b/2016/5xxx/CVE-2016-5541.json index 92d4a363361..1bb47be9082 100644 --- a/2016/5xxx/CVE-2016-5541.json +++ b/2016/5xxx/CVE-2016-5541.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-5541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Cluster", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.26 and earlier" - }, - { - "version_value" : "7.3.14 and earlier" - }, - { - "version_value" : "7.4.12 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 4.8 (Integrity and Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Cluster", + "version": { + "version_data": [ + { + "version_value": "7.2.26 and earlier" + }, + { + "version_value": "7.3.14 and earlier" + }, + { + "version_value": "7.4.12 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/NicolasLemonias/status/821954512168648705", - "refsource" : "MISC", - "url" : "https://twitter.com/NicolasLemonias/status/821954512168648705" - }, - { - "name" : "https://www.docdroid.net/o2uVeg4/cve2016554.pdf.html", - "refsource" : "MISC", - "url" : "https://www.docdroid.net/o2uVeg4/cve2016554.pdf.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95592" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 4.8 (Integrity and Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/NicolasLemonias/status/821954512168648705", + "refsource": "MISC", + "url": "https://twitter.com/NicolasLemonias/status/821954512168648705" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "95592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95592" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "https://www.docdroid.net/o2uVeg4/cve2016554.pdf.html", + "refsource": "MISC", + "url": "https://www.docdroid.net/o2uVeg4/cve2016554.pdf.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5742.json b/2016/5xxx/CVE-2016-5742.json index ebf7885de90..a71c972236b 100644 --- a/2016/5xxx/CVE-2016-5742.json +++ b/2016/5xxx/CVE-2016-5742.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160622 CVE request: SQL injection in MovableType xml-rpc interface", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/22/3" - }, - { - "name" : "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/22/6" - }, - { - "name" : "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/22/5" - }, - { - "name" : "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html", - "refsource" : "CONFIRM", - "url" : "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html" - }, - { - "name" : "1036160", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/22/5" + }, + { + "name": "1036160", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036160" + }, + { + "name": "[oss-security] 20160622 CVE request: SQL injection in MovableType xml-rpc interface", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/22/3" + }, + { + "name": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html", + "refsource": "CONFIRM", + "url": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html" + }, + { + "name": "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/22/6" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5992.json b/2016/5xxx/CVE-2016-5992.json index 7e30832a705..dd555272727 100644 --- a/2016/5xxx/CVE-2016-5992.json +++ b/2016/5xxx/CVE-2016-5992.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-5992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989807", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989807" - }, - { - "name" : "IT16911", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911" - }, - { - "name" : "94514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989807", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989807" + }, + { + "name": "94514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94514" + }, + { + "name": "IT16911", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16911" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999030.json b/2018/1999xxx/CVE-2018-1999030.json index 4558c55c12e..524705e4e82 100644 --- a/2018/1999xxx/CVE-2018-1999030.json +++ b/2018/1999xxx/CVE-2018-1999030.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-31T15:54:50.971554", - "DATE_REQUESTED" : "2018-07-30T00:00:00", - "ID" : "CVE-2018-1999030", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.3.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-31T15:54:50.971554", + "DATE_REQUESTED": "2018-07-30T00:00:00", + "ID": "CVE-2018-1999030", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1022", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1022", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1022" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2178.json b/2018/2xxx/CVE-2018-2178.json index 6c2fd6f84a6..f032cecebc2 100644 --- a/2018/2xxx/CVE-2018-2178.json +++ b/2018/2xxx/CVE-2018-2178.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2178", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2178", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2304.json b/2018/2xxx/CVE-2018-2304.json index 0f0c6a4cf64..0b9e7f8dc5f 100644 --- a/2018/2xxx/CVE-2018-2304.json +++ b/2018/2xxx/CVE-2018-2304.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2304", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2304", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2818.json b/2018/2xxx/CVE-2018-2818.json index 352827e22f8..c2a1b0ec231 100644 --- a/2018/2xxx/CVE-2018-2818.json +++ b/2018/2xxx/CVE-2018-2818.json @@ -1,121 +1,121 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.59 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.6.39 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.21 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.59 and prior" + }, + { + "version_affected": "=", + "version_value": "5.6.39 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.21 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180419-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180419-0002/" - }, - { - "name" : "DSA-4176", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4176" - }, - { - "name" : "RHSA-2018:1254", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1254" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3629-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-1/" - }, - { - "name" : "USN-3629-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-2/" - }, - { - "name" : "USN-3629-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-3/" - }, - { - "name" : "103824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103824" - }, - { - "name" : "1040698", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040698", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040698" + }, + { + "name": "RHSA-2018:1254", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1254" + }, + { + "name": "103824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103824" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180419-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180419-0002/" + }, + { + "name": "DSA-4176", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4176" + }, + { + "name": "[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "USN-3629-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-1/" + }, + { + "name": "USN-3629-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-2/" + }, + { + "name": "USN-3629-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-3/" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2968.json b/2018/2xxx/CVE-2018-2968.json index 904c5c406b1..8242d4e1ad6 100644 --- a/2018/2xxx/CVE-2018-2968.json +++ b/2018/2xxx/CVE-2018-2968.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104823" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6504.json b/2018/6xxx/CVE-2018-6504.json index d38557db253..9a666e3b51f 100644 --- a/2018/6xxx/CVE-2018-6504.json +++ b/2018/6xxx/CVE-2018-6504.json @@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2018-09-19T15:55:00.000Z", - "ID" : "CVE-2018-6504", - "STATE" : "PUBLIC", - "TITLE" : "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ArcSight Management Center", - "version" : { - "version_data" : [ - { - "version_value" : "all versions prior to 2.81" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.\n" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF)." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF)" - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-09-19T15:55:00.000Z", + "ID": "CVE-2018-6504", + "STATE": "PUBLIC", + "TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ArcSight Management Center", + "version": { + "version_data": [ + { + "version_value": "all versions prior to 2.81" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.\n" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF)." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6781.json b/2018/6xxx/CVE-2018-6781.json index c127f8ac793..bdaab4f4d06 100644 --- a/2018/6xxx/CVE-2018-6781.json +++ b/2018/6xxx/CVE-2018-6781.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008264." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KSysCall_9A008264", - "refsource" : "MISC", - "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KSysCall_9A008264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008264." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KSysCall_9A008264", + "refsource": "MISC", + "url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KSysCall_9A008264" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0156.json b/2019/0xxx/CVE-2019-0156.json index ef835314b2c..d164e9022fe 100644 --- a/2019/0xxx/CVE-2019-0156.json +++ b/2019/0xxx/CVE-2019-0156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0908.json b/2019/0xxx/CVE-2019-0908.json index 58f6ffa6feb..c1508fbbb7a 100644 --- a/2019/0xxx/CVE-2019-0908.json +++ b/2019/0xxx/CVE-2019-0908.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0908", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0908", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1060.json b/2019/1xxx/CVE-2019-1060.json index c1587c3240e..151ef93cdc5 100644 --- a/2019/1xxx/CVE-2019-1060.json +++ b/2019/1xxx/CVE-2019-1060.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1060", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1060", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1504.json b/2019/1xxx/CVE-2019-1504.json index 843ab1545dc..efd5d27e3da 100644 --- a/2019/1xxx/CVE-2019-1504.json +++ b/2019/1xxx/CVE-2019-1504.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1504", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1504", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1804.json b/2019/1xxx/CVE-2019-1804.json index 29f3923afff..ed6e39b61ed 100644 --- a/2019/1xxx/CVE-2019-1804.json +++ b/2019/1xxx/CVE-2019-1804.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1804", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1804", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1880.json b/2019/1xxx/CVE-2019-1880.json index 37d096ef28e..7a6b891f415 100644 --- a/2019/1xxx/CVE-2019-1880.json +++ b/2019/1xxx/CVE-2019-1880.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1880", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1880", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5340.json b/2019/5xxx/CVE-2019-5340.json index 76cff0e5f7a..247e48ea819 100644 --- a/2019/5xxx/CVE-2019-5340.json +++ b/2019/5xxx/CVE-2019-5340.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5370.json b/2019/5xxx/CVE-2019-5370.json index f8752c52a66..362a9a860d8 100644 --- a/2019/5xxx/CVE-2019-5370.json +++ b/2019/5xxx/CVE-2019-5370.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5370", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5370", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5769.json b/2019/5xxx/CVE-2019-5769.json index 17173dabb91..25410156f69 100644 --- a/2019/5xxx/CVE-2019-5769.json +++ b/2019/5xxx/CVE-2019-5769.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2019-5769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "72.0.3626.81" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient validation of untrusted input" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2019-5769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "72.0.3626.81" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/913975", - "refsource" : "MISC", - "url" : "https://crbug.com/913975" - }, - { - "name" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4395", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4395" - }, - { - "name" : "RHSA-2019:0309", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0309", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0309" + }, + { + "name": "DSA-4395", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4395" + }, + { + "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/913975", + "refsource": "MISC", + "url": "https://crbug.com/913975" + } + ] + } +} \ No newline at end of file