diff --git a/1999/0xxx/CVE-1999-0400.json b/1999/0xxx/CVE-1999-0400.json index 0a60d1b974c..2d3bd2b4847 100644 --- a/1999/0xxx/CVE-1999-0400.json +++ b/1999/0xxx/CVE-1999-0400.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Denial of service in Linux 2.2.0 running the ldd command on a core file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Denial of service in Linux 2.2.0 running the ldd command on a core file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/344" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0977.json b/1999/0xxx/CVE-1999-0977.json index 6715f8eaa65..12bfa37b284 100644 --- a/1999/0xxx/CVE-1999-0977.json +++ b/1999/0xxx/CVE-1999-0977.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00191", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191" - }, - { - "name" : "866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/866" - }, - { - "name" : "2354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2354" - }, - { - "name" : "2558", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "00191", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191" + }, + { + "name": "2354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2354" + }, + { + "name": "2558", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2558" + }, + { + "name": "866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/866" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1046.json b/1999/1xxx/CVE-1999-1046.json index 2f3f1ab583e..0ab9416653d 100644 --- a/1999/1xxx/CVE-1999-1046.json +++ b/1999/1xxx/CVE-1999-1046.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990302 Multiple IMail Vulnerabilites", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=92038879607336&w=2" - }, - { - "name" : "504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/504" - }, - { - "name" : "imail-imonitor-overflow(1897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/504" + }, + { + "name": "19990302 Multiple IMail Vulnerabilites", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=92038879607336&w=2" + }, + { + "name": "imail-imonitor-overflow(1897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1078.json b/1999/1xxx/CVE-1999-1078.json index afd4af9a02d..0b4af0ca9d7 100644 --- a/1999/1xxx/CVE-1999-1078.json +++ b/1999/1xxx/CVE-1999-1078.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990729 WS_FTP Pro 6.0 Weak Password Encryption Vulnerability", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9907&L=ntbugtraq&D=0&P=10370&F=P" - }, - { - "name" : "547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/547" + }, + { + "name": "19990729 WS_FTP Pro 6.0 Weak Password Encryption Vulnerability", + "refsource": "NTBUGTRAQ", + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9907&L=ntbugtraq&D=0&P=10370&F=P" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1377.json b/1999/1xxx/CVE-1999-1377.json index b2ea301836e..f78e5f74760 100644 --- a/1999/1xxx/CVE-1999-1377.json +++ b/1999/1xxx/CVE-1999-1377.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pulhas.org/phrack/55/P55-07.html", - "refsource" : "MISC", - "url" : "http://pulhas.org/phrack/55/P55-07.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pulhas.org/phrack/55/P55-07.html", + "refsource": "MISC", + "url": "http://pulhas.org/phrack/55/P55-07.html" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1429.json b/1999/1xxx/CVE-1999-1429.json index 2be445e648d..3dedc2628d7 100644 --- a/1999/1xxx/CVE-1999-1429.json +++ b/1999/1xxx/CVE-1999-1429.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980105 Security flaw in either DIT TransferPro or Solaris", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=88419633507543&w=2" - }, - { - "name" : "204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980105 Security flaw in either DIT TransferPro or Solaris", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=88419633507543&w=2" + }, + { + "name": "204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/204" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1534.json b/1999/1xxx/CVE-1999-1534.json index f97af6403f3..107ffb02239 100644 --- a/1999/1xxx/CVE-1999-1534.json +++ b/1999/1xxx/CVE-1999-1534.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990923 Multiple vendor Knox Arkiea local root/remote DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93837184228248&w=2" - }, - { - "name" : "661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/661" + }, + { + "name": "19990923 Multiple vendor Knox Arkiea local root/remote DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93837184228248&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0024.json b/2000/0xxx/CVE-2000-0024.json index ddb4709f382..8aafd107410 100644 --- a/2000/0xxx/CVE-2000-0024.json +++ b/2000/0xxx/CVE-2000-0024.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the \"Escape Character Parsing\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt", - "refsource" : "MISC", - "url" : "http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt" - }, - { - "name" : "MS99-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061" - }, - { - "name" : "Q246401", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the \"Escape Character Parsing\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q246401", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401" + }, + { + "name": "http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt", + "refsource": "MISC", + "url": "http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt" + }, + { + "name": "MS99-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0083.json b/2000/0xxx/CVE-2000-0083.json index 2387a886f75..334fcd951e0 100644 --- a/2000/0xxx/CVE-2000-0083.json +++ b/2000/0xxx/CVE-2000-0083.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0001-109", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/templates/advisory.html?id=2031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX0001-109", + "refsource": "HP", + "url": "http://www.securityfocus.com/templates/advisory.html?id=2031" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0269.json b/2000/0xxx/CVE-2000-0269.json index 773b4e0bc9d..d3917df8b73 100644 --- a/2000/0xxx/CVE-2000-0269.json +++ b/2000/0xxx/CVE-2000-0269.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de" - }, - { - "name" : "1125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de" + }, + { + "name": "1125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1125" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0388.json b/2000/0xxx/CVE-2000-0388.json index 3c8cb7f4512..ccdc0a9cc97 100644 --- a/2000/0xxx/CVE-2000-0388.json +++ b/2000/0xxx/CVE-2000-0388.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-00:17", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc" - }, - { - "name" : "1185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1185" + }, + { + "name": "FreeBSD-SA-00:17", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0694.json b/2000/0xxx/CVE-2000-0694.json index c081520cb12..b36ebca7d54 100644 --- a/2000/0xxx/CVE-2000-0694.json +++ b/2000/0xxx/CVE-2000-0694.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000802 Local root compromise in PGX Config Sun Sparc Solaris", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html" - }, - { - "name" : "5740", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000802 Local root compromise in PGX Config Sun Sparc Solaris", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html" + }, + { + "name": "5740", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5740" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0729.json b/2000/0xxx/CVE-2000-0729.json index 77739ef71ba..c3c4d02c3fc 100644 --- a/2000/0xxx/CVE-2000-0729.json +++ b/2000/0xxx/CVE-2000-0729.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-00:41", - "refsource" : "FREEBSD", - "url" : "http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html" - }, - { - "name" : "1625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1625" - }, - { - "name" : "freebsd-elf-dos(5967)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5967" - }, - { - "name" : "1534", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-00:41", + "refsource": "FREEBSD", + "url": "http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html" + }, + { + "name": "1534", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1534" + }, + { + "name": "freebsd-elf-dos(5967)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5967" + }, + { + "name": "1625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1625" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0919.json b/2000/0xxx/CVE-2000-0919.json index eda6f377784..eca8e4e8c5c 100644 --- a/2000/0xxx/CVE-2000-0919.json +++ b/2000/0xxx/CVE-2000-0919.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001007 PHPix advisory", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html" - }, - { - "name" : "1773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1773" - }, - { - "name" : "phpix-dir-traversal(5331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5331" - }, - { - "name" : "472", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "472", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/472" + }, + { + "name": "phpix-dir-traversal(5331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5331" + }, + { + "name": "20001007 PHPix advisory", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html" + }, + { + "name": "1773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1773" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0983.json b/2000/0xxx/CVE-2000-0983.json index 2c680b5c310..3c9cab12d65 100644 --- a/2000/0xxx/CVE-2000-0983.json +++ b/2000/0xxx/CVE-2000-0983.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the \"NetMeeting Desktop Sharing\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001018 Denial of Service attack against computers running Microsoft NetMeeting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/140341" - }, - { - "name" : "MS00-077", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-077" - }, - { - "name" : "Q273854", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q273854" - }, - { - "name" : "1798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1798" - }, - { - "name" : "netmeeting-desktop-sharing-dos(5368)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the \"NetMeeting Desktop Sharing\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netmeeting-desktop-sharing-dos(5368)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5368" + }, + { + "name": "Q273854", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q273854" + }, + { + "name": "MS00-077", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-077" + }, + { + "name": "20001018 Denial of Service attack against computers running Microsoft NetMeeting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/140341" + }, + { + "name": "1798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1798" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1112.json b/2000/1xxx/CVE-2000-1112.json index 945ea1b9ee6..cee9331454a 100644 --- a/2000/1xxx/CVE-2000-1112.json +++ b/2000/1xxx/CVE-2000-1112.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the \".WMS Script Execution\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-090", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-090" - }, - { - "name" : "1976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1976" - }, - { - "name" : "mediaplayer-wms-script-exe(5575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the \".WMS Script Execution\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mediaplayer-wms-script-exe(5575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5575" + }, + { + "name": "MS00-090", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-090" + }, + { + "name": "1976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1976" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2079.json b/2005/2xxx/CVE-2005-2079.json index ccf67f08de8..960a7e17a15 100644 --- a/2005/2xxx/CVE-2005-2079.json +++ b/2005/2xxx/CVE-2005-2079.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seer.support.veritas.com/docs/276607.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/276607.htm" - }, - { - "name" : "http://seer.support.veritas.com/docs/277429.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/277429.htm" - }, - { - "name" : "TA05-180A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-180A.html" - }, - { - "name" : "VU#352625", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/352625" - }, - { - "name" : "14023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14023" - }, - { - "name" : "15789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seer.support.veritas.com/docs/276607.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/276607.htm" + }, + { + "name": "VU#352625", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/352625" + }, + { + "name": "http://seer.support.veritas.com/docs/277429.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/277429.htm" + }, + { + "name": "TA05-180A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-180A.html" + }, + { + "name": "14023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14023" + }, + { + "name": "15789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15789" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2455.json b/2005/2xxx/CVE-2005-2455.json index 8f86a29a25d..c7dbafafe50 100644 --- a/2005/2xxx/CVE-2005-2455.json +++ b/2005/2xxx/CVE-2005-2455.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites", - "refsource" : "MLIST", - "url" : "http://mozdev.org/pipermail/greasemonkey/2005-July/004022.html" - }, - { - "name" : "[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites", - "refsource" : "MLIST", - "url" : "http://mozdev.org/pipermail/greasemonkey/2005-July/004000.html" - }, - { - "name" : "http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html", - "refsource" : "CONFIRM", - "url" : "http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html" - }, - { - "name" : "http://greasemonkey.mozdev.org/changes/0.3.5.html", - "refsource" : "CONFIRM", - "url" : "http://greasemonkey.mozdev.org/changes/0.3.5.html" - }, - { - "name" : "http://www.securiteam.com/securitynews/5CP0P20GBK.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5CP0P20GBK.html" - }, - { - "name" : "14336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14336" - }, - { - "name" : "ADV-2005-1147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1147" - }, - { - "name" : "18154", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18154" - }, - { - "name" : "1014529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014529" - }, - { - "name" : "16128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16128" - }, - { - "name" : "mozilla-greasemonkey-information-disclosure(21453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://greasemonkey.mozdev.org/changes/0.3.5.html", + "refsource": "CONFIRM", + "url": "http://greasemonkey.mozdev.org/changes/0.3.5.html" + }, + { + "name": "16128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16128" + }, + { + "name": "ADV-2005-1147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1147" + }, + { + "name": "[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites", + "refsource": "MLIST", + "url": "http://mozdev.org/pipermail/greasemonkey/2005-July/004022.html" + }, + { + "name": "mozilla-greasemonkey-information-disclosure(21453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21453" + }, + { + "name": "http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html", + "refsource": "CONFIRM", + "url": "http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html" + }, + { + "name": "[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites", + "refsource": "MLIST", + "url": "http://mozdev.org/pipermail/greasemonkey/2005-July/004000.html" + }, + { + "name": "14336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14336" + }, + { + "name": "1014529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014529" + }, + { + "name": "18154", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18154" + }, + { + "name": "http://www.securiteam.com/securitynews/5CP0P20GBK.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5CP0P20GBK.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2575.json b/2005/2xxx/CVE-2005-2575.json index d72a1f5b82e..f4a8fe3fc18 100644 --- a/2005/2xxx/CVE-2005-2575.json +++ b/2005/2xxx/CVE-2005-2575.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050809 Sql injection and global variables poisoning in XMB Forum 1.9.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112361545228809&w=2" - }, - { - "name" : "14523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050809 Sql injection and global variables poisoning in XMB Forum 1.9.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112361545228809&w=2" + }, + { + "name": "14523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14523" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2764.json b/2005/2xxx/CVE-2005-2764.json index 259e7a5bad9..bf6873ad190 100644 --- a/2005/2xxx/CVE-2005-2764.json +++ b/2005/2xxx/CVE-2005-2764.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200509-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-03.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=102631", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=102631" - }, - { - "name" : "ADV-2005-1640", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-1640", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1640" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=102631", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=102631" + }, + { + "name": "GLSA-200509-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2849.json b/2005/2xxx/CVE-2005-2849.json index 163c86f0872..50d8dc1bb6d 100644 --- a/2005/2xxx/CVE-2005-2849.json +++ b/2005/2xxx/CVE-2005-2849.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050901 [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112560044813390&w=2" - }, - { - "name" : "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1", - "refsource" : "MISC", - "url" : "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1" - }, - { - "name" : "1014837", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Sep/1014837.html" - }, - { - "name" : "16683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16683/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1", + "refsource": "MISC", + "url": "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1" + }, + { + "name": "1014837", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Sep/1014837.html" + }, + { + "name": "16683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16683/" + }, + { + "name": "20050901 [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112560044813390&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3065.json b/2005/3xxx/CVE-2005-3065.json index 83341b4d574..77a81244f16 100644 --- a/2005/3xxx/CVE-2005-3065.json +++ b/2005/3xxx/CVE-2005-3065.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted command 40 that causes a -1 length to be used and triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050925 Server crash and motd deletion in MultiTheftAuto 0.5 patch 1", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037384.html" - }, - { - "name" : "16926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16926/" - }, - { - "name" : "26", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted command 40 that causes a -1 length to be used and triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16926/" + }, + { + "name": "20050925 Server crash and motd deletion in MultiTheftAuto 0.5 patch 1", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037384.html" + }, + { + "name": "26", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/26" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3275.json b/2005/3xxx/CVE-2005-3275.json index ee3e5154918..b3fe38b20d6 100644 --- a/2005/3xxx/CVE-2005-3275.json +++ b/2005/3xxx/CVE-2005-3275.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@42e14e05d0V1d88nZlaIX1F9dCRApA", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@42e14e05d0V1d88nZlaIX1F9dCRApA" - }, - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "DSA-921", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-921" - }, - { - "name" : "FLSA:157459-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/428028/100/0/threaded" - }, - { - "name" : "FLSA:157459-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/428058/100/0/threaded" - }, - { - "name" : "FLSA:157459-3", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" - }, - { - "name" : "MDKSA-2005:218", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218" - }, - { - "name" : "MDKSA-2005:219", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" - }, - { - "name" : "MDKSA-2005:220", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220" - }, - { - "name" : "MDKSA-2006:044", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044" - }, - { - "name" : "RHSA-2006:0140", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0140.html" - }, - { - "name" : "RHSA-2006:0190", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0190.html" - }, - { - "name" : "RHSA-2006:0191", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0191.html" - }, - { - "name" : "20060402-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" - }, - { - "name" : "SUSE-SA:2005:068", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/archive/1/419522/100/0/threaded" - }, - { - "name" : "USN-219-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/219-1/" - }, - { - "name" : "15531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15531" - }, - { - "name" : "oval:org.mitre.oval:def:10142", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10142" - }, - { - "name" : "17918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17918" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "18059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18059" - }, - { - "name" : "18562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18562" - }, - { - "name" : "18684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18684" - }, - { - "name" : "18977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18977" - }, - { - "name" : "17826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17826" - }, - { - "name" : "19185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19185" - }, - { - "name" : "19607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2006:0140", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0140.html" + }, + { + "name": "18684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18684" + }, + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "18977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18977" + }, + { + "name": "MDKSA-2005:220", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220" + }, + { + "name": "oval:org.mitre.oval:def:10142", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10142" + }, + { + "name": "18059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18059" + }, + { + "name": "19185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19185" + }, + { + "name": "19607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19607" + }, + { + "name": "SUSE-SA:2005:068", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded" + }, + { + "name": "FLSA:157459-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/428058/100/0/threaded" + }, + { + "name": "MDKSA-2006:044", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "USN-219-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/219-1/" + }, + { + "name": "RHSA-2006:0190", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0190.html" + }, + { + "name": "MDKSA-2005:218", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218" + }, + { + "name": "FLSA:157459-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/428028/100/0/threaded" + }, + { + "name": "DSA-921", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-921" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.6/cset@42e14e05d0V1d88nZlaIX1F9dCRApA", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.6/cset@42e14e05d0V1d88nZlaIX1F9dCRApA" + }, + { + "name": "15531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15531" + }, + { + "name": "17826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17826" + }, + { + "name": "20060402-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" + }, + { + "name": "17918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17918" + }, + { + "name": "FLSA:157459-3", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded" + }, + { + "name": "MDKSA-2005:219", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" + }, + { + "name": "RHSA-2006:0191", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0191.html" + }, + { + "name": "18562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18562" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3369.json b/2005/3xxx/CVE-2005-3369.json index 27fb41a9c64..f27cd20afe8 100644 --- a/2005/3xxx/CVE-2005-3369.json +++ b/2005/3xxx/CVE-2005-3369.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051026 Woltlab Burning Board info_db.php multiple SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113034480129309&w=2" - }, - { - "name" : "15214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15214" - }, - { - "name" : "ADV-2005-2224", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2224" - }, - { - "name" : "20330", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20330" - }, - { - "name" : "17347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17347/" - }, - { - "name" : "119", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/119" - }, - { - "name" : "wbb-infodb-sql-injection(22887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2224", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2224" + }, + { + "name": "17347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17347/" + }, + { + "name": "20051026 Woltlab Burning Board info_db.php multiple SQL injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113034480129309&w=2" + }, + { + "name": "wbb-infodb-sql-injection(22887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22887" + }, + { + "name": "119", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/119" + }, + { + "name": "20330", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20330" + }, + { + "name": "15214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15214" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3814.json b/2005/3xxx/CVE-2005-3814.json index fbfee431a9a..b41ad2a8baa 100644 --- a/2005/3xxx/CVE-2005-3814.json +++ b/2005/3xxx/CVE-2005-3814.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359", - "refsource" : "MISC", - "url" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359" - }, - { - "name" : "http://nightmaresecurity.net/index.php?showtopic=1015", - "refsource" : "MISC", - "url" : "http://nightmaresecurity.net/index.php?showtopic=1015" - }, - { - "name" : "15567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15567" - }, - { - "name" : "ADV-2005-2581", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2581" - }, - { - "name" : "21090", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21090" - }, - { - "name" : "21091", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21091" - }, - { - "name" : "21092", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21092" - }, - { - "name" : "1015259", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015259" - }, - { - "name" : "17736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nightmaresecurity.net/index.php?showtopic=1015", + "refsource": "MISC", + "url": "http://nightmaresecurity.net/index.php?showtopic=1015" + }, + { + "name": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359", + "refsource": "MISC", + "url": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359" + }, + { + "name": "1015259", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015259" + }, + { + "name": "ADV-2005-2581", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2581" + }, + { + "name": "15567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15567" + }, + { + "name": "21092", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21092" + }, + { + "name": "17736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17736" + }, + { + "name": "21091", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21091" + }, + { + "name": "21090", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21090" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2190.json b/2009/2xxx/CVE-2009-2190.json index a07ee6d3a68..78666156eff 100644 --- a/2009/2xxx/CVE-2009-2190.json +++ b/2009/2xxx/CVE-2009-2190.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3757", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3757" - }, - { - "name" : "APPLE-SA-2009-08-05-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" - }, - { - "name" : "TA09-218A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" - }, - { - "name" : "35954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35954" - }, - { - "name" : "56841", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56841" - }, - { - "name" : "1022672", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022672" - }, - { - "name" : "36096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36096" - }, - { - "name" : "ADV-2009-2172", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2172" - }, - { - "name" : "macosx-launchd-dos(52425)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3757", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3757" + }, + { + "name": "56841", + "refsource": "OSVDB", + "url": "http://osvdb.org/56841" + }, + { + "name": "36096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36096" + }, + { + "name": "APPLE-SA-2009-08-05-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" + }, + { + "name": "macosx-launchd-dos(52425)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52425" + }, + { + "name": "1022672", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022672" + }, + { + "name": "35954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35954" + }, + { + "name": "ADV-2009-2172", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2172" + }, + { + "name": "TA09-218A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2338.json b/2009/2xxx/CVE-2009-2338.json index b38f9a9dc19..29dd29ed004 100644 --- a/2009/2xxx/CVE-2009-2338.json +++ b/2009/2xxx/CVE-2009-2338.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8446", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8446" - }, - { - "name" : "34538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34538" - }, - { - "name" : "34707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8446", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8446" + }, + { + "name": "34707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34707" + }, + { + "name": "34538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34538" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2826.json b/2009/2xxx/CVE-2009-2826.json index 07c1c05e4b1..eb5226a0903 100644 --- a/2009/2xxx/CVE-2009-2826.json +++ b/2009/2xxx/CVE-2009-2826.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "36956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36956" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36956" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2921.json b/2009/2xxx/CVE-2009-2921.json index c8f379ae101..75216fcda57 100644 --- a/2009/2xxx/CVE-2009-2921.json +++ b/2009/2xxx/CVE-2009-2921.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9353", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9353" - }, - { - "name" : "ADV-2009-2161", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2161" - }, - { - "name" : "phpnews-login-sql-injection(52231)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpnews-login-sql-injection(52231)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52231" + }, + { + "name": "9353", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9353" + }, + { + "name": "ADV-2009-2161", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2161" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3049.json b/2009/3xxx/CVE-2009-3049.json index 9b2d5cb1d6b..169cc6bb3ad 100644 --- a/2009/3xxx/CVE-2009-3049.json +++ b/2009/3xxx/CVE-2009-3049.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/freebsd/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/freebsd/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/linux/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/solaris/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/solaris/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1000/" - }, - { - "name" : "http://www.opera.com/support/kb/view/932/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/932/" - }, - { - "name" : "oval:org.mitre.oval:def:6235", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/freebsd/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/freebsd/1000/" + }, + { + "name": "oval:org.mitre.oval:def:6235", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6235" + }, + { + "name": "http://www.opera.com/docs/changelogs/solaris/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/solaris/1000/" + }, + { + "name": "http://www.opera.com/docs/changelogs/linux/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/1000/" + }, + { + "name": "http://www.opera.com/support/kb/view/932/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/932/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1000/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1000/" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3404.json b/2009/3xxx/CVE-2009-3404.json index 91ca22a3eb5..e243c6e8b3e 100644 --- a/2009/3xxx/CVE-2009-3404.json +++ b/2009/3xxx/CVE-2009-3404.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.23 allows remote authenticated users to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-3404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36773" - }, - { - "name" : "1023061", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.23 allows remote authenticated users to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36773" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "1023061", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023061" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3934.json b/2009/3xxx/CVE-2009-3934.json index 308280df4b4..40058ba2d9a 100644 --- a/2009/3xxx/CVE-2009-3934.json +++ b/2009/3xxx/CVE-2009-3934.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an \"empty redirect chain,\" as demonstrated by a message in Yahoo! Mail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=22205", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=22205" - }, - { - "name" : "http://codereview.chromium.org/326015", - "refsource" : "CONFIRM", - "url" : "http://codereview.chromium.org/326015" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html" - }, - { - "name" : "http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771", - "refsource" : "CONFIRM", - "url" : "http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771" - }, - { - "name" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=30772", - "refsource" : "CONFIRM", - "url" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=30772" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "59744", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59744" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "googlechrome-webframeloader-dos(54296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an \"empty redirect chain,\" as demonstrated by a message in Yahoo! Mail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=30772", + "refsource": "CONFIRM", + "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=30772" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "http://codereview.chromium.org/326015", + "refsource": "CONFIRM", + "url": "http://codereview.chromium.org/326015" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=22205", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=22205" + }, + { + "name": "googlechrome-webframeloader-dos(54296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54296" + }, + { + "name": "http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771", + "refsource": "CONFIRM", + "url": "http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771" + }, + { + "name": "59744", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59744" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0173.json b/2015/0xxx/CVE-2015-0173.json index 05c00e4ccc3..2e43ec80e76 100644 --- a/2015/0xxx/CVE-2015-0173.json +++ b/2015/0xxx/CVE-2015-0173.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699547", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699547" - }, - { - "name" : "1032630", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699547", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699547" + }, + { + "name": "1032630", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032630" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0592.json b/2015/0xxx/CVE-2015-0592.json index 80fc2948195..ee49c279d7e 100644 --- a/2015/0xxx/CVE-2015-0592.json +++ b/2015/0xxx/CVE-2015-0592.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37416", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37416" - }, - { - "name" : "20150209 Cisco IOS Software Kernel Timer Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0592" - }, - { - "name" : "1031713", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031713" - }, - { - "name" : "ciscoios-cve20150592-dos(100758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciscoios-cve20150592-dos(100758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100758" + }, + { + "name": "20150209 Cisco IOS Software Kernel Timer Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0592" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37416", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37416" + }, + { + "name": "1031713", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031713" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0810.json b/2015/0xxx/CVE-2015-0810.json index eb9f2f5f9de..ef2a2428d78 100644 --- a/2015/0xxx/CVE-2015-0810.json +++ b/2015/0xxx/CVE-2015-0810.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-35.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-35.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1125013", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1125013" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "1031996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031996" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-35.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-35.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125013", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125013" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0999.json b/2015/0xxx/CVE-2015-0999.json index 1629b824214..7eddb09128a 100644 --- a/2015/0xxx/CVE-2015-0999.json +++ b/2015/0xxx/CVE-2015-0999.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-0999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01" + }, + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1340.json b/2015/1xxx/CVE-2015-1340.json index 3c573999101..eb54a17307c 100644 --- a/2015/1xxx/CVE-2015-1340.json +++ b/2015/1xxx/CVE-2015-1340.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1692.json b/2015/1xxx/CVE-2015-1692.json index d9f85745f1f..b1749b22b07 100644 --- a/2015/1xxx/CVE-2015-1692.json +++ b/2015/1xxx/CVE-2015-1692.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka \"Internet Explorer Clipboard Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" - }, - { - "name" : "74517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74517" - }, - { - "name" : "1032282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka \"Internet Explorer Clipboard Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032282" + }, + { + "name": "74517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74517" + }, + { + "name": "MS15-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4131.json b/2015/4xxx/CVE-2015-4131.json index 0c0e074b20b..10b181a9058 100644 --- a/2015/4xxx/CVE-2015-4131.json +++ b/2015/4xxx/CVE-2015-4131.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4131", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4131", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4505.json b/2015/4xxx/CVE-2015-4505.json index b158359964e..a72dc679f38 100644 --- a/2015/4xxx/CVE-2015-4505.json +++ b/2015/4xxx/CVE-2015-4505.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-100.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-100.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1177861", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1177861" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "openSUSE-SU-2015:1658", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:1679", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" - }, - { - "name" : "openSUSE-SU-2015:1681", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" - }, - { - "name" : "1033640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-100.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-100.html" + }, + { + "name": "openSUSE-SU-2015:1681", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1177861", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1177861" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "1033640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033640" + }, + { + "name": "openSUSE-SU-2015:1679", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" + }, + { + "name": "openSUSE-SU-2015:1658", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4506.json b/2015/4xxx/CVE-2015-4506.json index 21d45ee9e72..3de74d10d52 100644 --- a/2015/4xxx/CVE-2015-4506.json +++ b/2015/4xxx/CVE-2015-4506.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-101.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-101.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1192226", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1192226" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3365", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3365" - }, - { - "name" : "RHSA-2015:1834", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1834.html" - }, - { - "name" : "SUSE-SU-2015:2081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" - }, - { - "name" : "openSUSE-SU-2015:1658", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:1680", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html" - }, - { - "name" : "openSUSE-SU-2015:1679", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" - }, - { - "name" : "openSUSE-SU-2015:1681", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:1703", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html" - }, - { - "name" : "USN-2743-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-4" - }, - { - "name" : "USN-2754-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2754-1" - }, - { - "name" : "USN-2743-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-1" - }, - { - "name" : "USN-2743-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-2" - }, - { - "name" : "USN-2743-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-3" - }, - { - "name" : "76816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76816" - }, - { - "name" : "1033640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1680", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192226", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192226" + }, + { + "name": "SUSE-SU-2015:2081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" + }, + { + "name": "openSUSE-SU-2015:1681", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" + }, + { + "name": "USN-2754-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2754-1" + }, + { + "name": "USN-2743-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-4" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2743-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-3" + }, + { + "name": "RHSA-2015:1834", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1834.html" + }, + { + "name": "USN-2743-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-2" + }, + { + "name": "1033640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033640" + }, + { + "name": "DSA-3365", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3365" + }, + { + "name": "76816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76816" + }, + { + "name": "SUSE-SU-2015:1703", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html" + }, + { + "name": "openSUSE-SU-2015:1679", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" + }, + { + "name": "openSUSE-SU-2015:1658", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" + }, + { + "name": "USN-2743-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-101.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-101.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4556.json b/2015/4xxx/CVE-2015-4556.json index 70211ba128a..273ea3665a7 100644 --- a/2015/4xxx/CVE-2015-4556.json +++ b/2015/4xxx/CVE-2015-4556.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[chicken-announce] 20150615 [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html" - }, - { - "name" : "[chicken-hackers] 20150614 [Chicken-hackers] [PATCH] [SECURITY] Fix buffer overrun in string-translate*", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html" - }, - { - "name" : "[oss-security] 20150615 Re: CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q2/712" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1231871", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1231871" - }, - { - "name" : "GLSA-201612-54", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-54" - }, - { - "name" : "97293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871" + }, + { + "name": "[oss-security] 20150615 Re: CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q2/712" + }, + { + "name": "[chicken-hackers] 20150614 [Chicken-hackers] [PATCH] [SECURITY] Fix buffer overrun in string-translate*", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html" + }, + { + "name": "[chicken-announce] 20150615 [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html" + }, + { + "name": "GLSA-201612-54", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-54" + }, + { + "name": "97293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97293" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4754.json b/2015/4xxx/CVE-2015-4754.json index 61059517fb0..abbf9e385ab 100644 --- a/2015/4xxx/CVE-2015-4754.json +++ b/2015/4xxx/CVE-2015-4754.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8559.json b/2015/8xxx/CVE-2015-8559.json index 3178f67cb57..6a5a6dfa254 100644 --- a/2015/8xxx/CVE-2015-8559.json +++ b/2015/8xxx/CVE-2015-8559.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151214 Re: Chef: knife bootstrap leaks validator privkey into system logs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/14/14" - }, - { - "name" : "https://github.com/chef/chef/issues/3871", - "refsource" : "CONFIRM", - "url" : "https://github.com/chef/chef/issues/3871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20151214 Re: Chef: knife bootstrap leaks validator privkey into system logs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/14/14" + }, + { + "name": "https://github.com/chef/chef/issues/3871", + "refsource": "CONFIRM", + "url": "https://github.com/chef/chef/issues/3871" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9181.json b/2015/9xxx/CVE-2015-9181.json index e18b34aec6b..89fbf6faed9 100644 --- a/2015/9xxx/CVE-2015-9181.json +++ b/2015/9xxx/CVE-2015-9181.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, in a crypto API function, a buffer over-read can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, in a crypto API function, a buffer over-read can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9263.json b/2015/9xxx/CVE-2015-9263.json index 39ee1b4cafa..205b5f4e0be 100644 --- a/2015/9xxx/CVE-2015-9263.json +++ b/2015/9xxx/CVE-2015-9263.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37888", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37888/" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php" - }, - { - "name" : "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2", - "refsource" : "MISC", - "url" : "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php" + }, + { + "name": "37888", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37888/" + }, + { + "name": "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2", + "refsource": "MISC", + "url": "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5656.json b/2016/5xxx/CVE-2016-5656.json index 1733cca264a..f795affc556 100644 --- a/2016/5xxx/CVE-2016-5656.json +++ b/2016/5xxx/CVE-2016-5656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5656", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5656", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2074.json b/2018/2xxx/CVE-2018-2074.json index c81c51e5194..cc3e6693b8d 100644 --- a/2018/2xxx/CVE-2018-2074.json +++ b/2018/2xxx/CVE-2018-2074.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2074", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2074", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2080.json b/2018/2xxx/CVE-2018-2080.json index 28f1a5fa457..ecd8f8a2a10 100644 --- a/2018/2xxx/CVE-2018-2080.json +++ b/2018/2xxx/CVE-2018-2080.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2080", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2080", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2463.json b/2018/2xxx/CVE-2018-2463.json index f2d358fdc94..276df8c52d9 100644 --- a/2018/2xxx/CVE-2018-2463.json +++ b/2018/2xxx/CVE-2018-2463.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Hybris Commerce", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "6.*" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server-Side Request Forgery (SSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Hybris Commerce", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "6.*" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2680834", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2680834" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" - }, - { - "name" : "105339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105339" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery (SSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105339" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2680834", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2680834" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2512.json b/2018/2xxx/CVE-2018-2512.json index e405d8e3b23..41bb0874ae4 100644 --- a/2018/2xxx/CVE-2018-2512.json +++ b/2018/2xxx/CVE-2018-2512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3604.json b/2018/3xxx/CVE-2018-3604.json index 8847b0734ad..e23633939ef 100644 --- a/2018/3xxx/CVE-2018-3604.json +++ b/2018/3xxx/CVE-2018-3604.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-3604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Control Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-3604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Control Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-067/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-067/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-084/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-084/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-088/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-088/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-095/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-095/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-096/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-096/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-097/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-097/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-102/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-102/" - }, - { - "name" : "https://success.trendmicro.com/solution/1119158", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/" + }, + { + "name": "https://success.trendmicro.com/solution/1119158", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119158" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6370.json b/2018/6xxx/CVE-2018-6370.json index 045b636d4da..71dee05706d 100644 --- a/2018/6xxx/CVE-2018-6370.json +++ b/2018/6xxx/CVE-2018-6370.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44123", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/44123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44123", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/44123" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6381.json b/2018/6xxx/CVE-2018-6381.json index a146dc3dd82..86414a38947 100644 --- a/2018/6xxx/CVE-2018-6381.json +++ b/2018/6xxx/CVE-2018-6381.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gdraheim/zziplib/issues/12", - "refsource" : "MISC", - "url" : "https://github.com/gdraheim/zziplib/issues/12" - }, - { - "name" : "USN-3699-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3699-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3699-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3699-1/" + }, + { + "name": "https://github.com/gdraheim/zziplib/issues/12", + "refsource": "MISC", + "url": "https://github.com/gdraheim/zziplib/issues/12" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6462.json b/2018/6xxx/CVE-2018-6462.json index bff01e41f55..b254d972f8e 100644 --- a/2018/6xxx/CVE-2018-6462.json +++ b/2018/6xxx/CVE-2018-6462.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt", - "refsource" : "MISC", - "url" : "https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt" - }, - { - "name" : "https://www.tracker-software.com/company/news_press_events/view/179", - "refsource" : "CONFIRM", - "url" : "https://www.tracker-software.com/company/news_press_events/view/179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tracker-software.com/company/news_press_events/view/179", + "refsource": "CONFIRM", + "url": "https://www.tracker-software.com/company/news_press_events/view/179" + }, + { + "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt", + "refsource": "MISC", + "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6900.json b/2018/6xxx/CVE-2018-6900.json index fc16ae44605..1efea7b1c7b 100644 --- a/2018/6xxx/CVE-2018-6900.json +++ b/2018/6xxx/CVE-2018-6900.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0day4u.wordpress.com/2018/03/12/website-broker-script-stored-xss/", - "refsource" : "MISC", - "url" : "https://0day4u.wordpress.com/2018/03/12/website-broker-script-stored-xss/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0day4u.wordpress.com/2018/03/12/website-broker-script-stored-xss/", + "refsource": "MISC", + "url": "https://0day4u.wordpress.com/2018/03/12/website-broker-script-stored-xss/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6962.json b/2018/6xxx/CVE-2018-6962.json index a9ebb6320b7..ca100cbc850 100644 --- a/2018/6xxx/CVE-2018-6962.json +++ b/2018/6xxx/CVE-2018-6962.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-05-21T00:00:00", - "ID" : "CVE-2018-6962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fusion", - "version" : { - "version_data" : [ - { - "version_value" : "10.x before 10.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Signature bypass vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-05-21T00:00:00", + "ID": "CVE-2018-6962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fusion", + "version": { + "version_data": [ + { + "version_value": "10.x before 10.1.2" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2018-0013.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0013.html" - }, - { - "name" : "104235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104235" - }, - { - "name" : "1040957", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Signature bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104235" + }, + { + "name": "1040957", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040957" + }, + { + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7435.json b/2018/7xxx/CVE-2018-7435.json index bcaf9a81df3..ac3792bf421 100644 --- a/2018/7xxx/CVE-2018-7435.json +++ b/2018/7xxx/CVE-2018-7435.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547879", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547879" - }, - { - "name" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE" - }, - { - "name" : "DSA-4129", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html" + }, + { + "name": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE" + }, + { + "name": "DSA-4129", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4129" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547879", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547879" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7489.json b/2018/7xxx/CVE-2018-7489.json index 9d67729d37c..0e9468ca484 100644 --- a/2018/7xxx/CVE-2018-7489.json +++ b/2018/7xxx/CVE-2018-7489.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FasterXML/jackson-databind/issues/1931", - "refsource" : "CONFIRM", - "url" : "https://github.com/FasterXML/jackson-databind/issues/1931" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180328-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180328-0001/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-4190", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4190" - }, - { - "name" : "RHSA-2018:1447", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1447" - }, - { - "name" : "RHSA-2018:1448", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1448" - }, - { - "name" : "RHSA-2018:1449", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1449" - }, - { - "name" : "RHSA-2018:1450", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1450" - }, - { - "name" : "RHSA-2018:1451", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1451" - }, - { - "name" : "RHSA-2018:1786", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1786" - }, - { - "name" : "RHSA-2018:2088", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2088" - }, - { - "name" : "RHSA-2018:2089", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2089" - }, - { - "name" : "RHSA-2018:2090", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2090" - }, - { - "name" : "RHSA-2018:2938", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2938" - }, - { - "name" : "RHSA-2018:2939", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2939" - }, - { - "name" : "103203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103203" - }, - { - "name" : "1040693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040693" - }, - { - "name" : "1041890", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103203" + }, + { + "name": "RHSA-2018:1448", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1448" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "RHSA-2018:1449", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1449" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us" + }, + { + "name": "RHSA-2018:2938", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2938" + }, + { + "name": "RHSA-2018:1450", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1450" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180328-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180328-0001/" + }, + { + "name": "RHSA-2018:2090", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2090" + }, + { + "name": "RHSA-2018:2939", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2939" + }, + { + "name": "1041890", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041890" + }, + { + "name": "1040693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040693" + }, + { + "name": "https://github.com/FasterXML/jackson-databind/issues/1931", + "refsource": "CONFIRM", + "url": "https://github.com/FasterXML/jackson-databind/issues/1931" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "RHSA-2018:1786", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1786" + }, + { + "name": "RHSA-2018:1451", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1451" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "DSA-4190", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4190" + }, + { + "name": "RHSA-2018:1447", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1447" + }, + { + "name": "RHSA-2018:2088", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2088" + }, + { + "name": "RHSA-2018:2089", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2089" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7576.json b/2018/7xxx/CVE-2018-7576.json index 01811fa9e7f..a42746d7549 100644 --- a/2018/7xxx/CVE-2018-7576.json +++ b/2018/7xxx/CVE-2018-7576.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7576", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7576", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7707.json b/2018/7xxx/CVE-2018-7707.json index 6f8d4445daa..a1e350a2c1a 100644 --- a/2018/7xxx/CVE-2018-7707.json +++ b/2018/7xxx/CVE-2018-7707.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44285", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44285/" - }, - { - "name" : "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Mar/29" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Mar/29" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html" + }, + { + "name": "44285", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44285/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7756.json b/2018/7xxx/CVE-2018-7756.json index bdb085ee5c0..b659b074024 100644 --- a/2018/7xxx/CVE-2018-7756.json +++ b/2018/7xxx/CVE-2018-7756.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a \"SETFIREWALL Off\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44275", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44275/" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a \"SETFIREWALL Off\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt" + }, + { + "name": "44275", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44275/" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5007.json b/2019/5xxx/CVE-2019-5007.json index 14cced1b6a4..0b0d8964a4b 100644 --- a/2019/5xxx/CVE-2019-5007.json +++ b/2019/5xxx/CVE-2019-5007.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5091.json b/2019/5xxx/CVE-2019-5091.json index 27bcbe487c4..8a526b758e3 100644 --- a/2019/5xxx/CVE-2019-5091.json +++ b/2019/5xxx/CVE-2019-5091.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5091", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5091", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5133.json b/2019/5xxx/CVE-2019-5133.json index c79ed073af8..284d3a9d9d0 100644 --- a/2019/5xxx/CVE-2019-5133.json +++ b/2019/5xxx/CVE-2019-5133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5170.json b/2019/5xxx/CVE-2019-5170.json index ca35645018d..b08bf443454 100644 --- a/2019/5xxx/CVE-2019-5170.json +++ b/2019/5xxx/CVE-2019-5170.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5170", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5170", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file