From c4e1504e35c047b3e916ffbab6bd1afee31a47b4 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 23:31:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0464.json | 140 +++++----- 1999/1xxx/CVE-1999-1106.json | 140 +++++----- 2005/2xxx/CVE-2005-2152.json | 150 +++++------ 2005/2xxx/CVE-2005-2529.json | 170 ++++++------ 2005/3xxx/CVE-2005-3152.json | 190 +++++++------- 2005/3xxx/CVE-2005-3348.json | 280 ++++++++++---------- 2007/5xxx/CVE-2007-5458.json | 150 +++++------ 2007/5xxx/CVE-2007-5711.json | 170 ++++++------ 2007/5xxx/CVE-2007-5805.json | 190 +++++++------- 2009/2xxx/CVE-2009-2592.json | 130 +++++----- 2009/2xxx/CVE-2009-2922.json | 150 +++++------ 2009/3xxx/CVE-2009-3231.json | 290 ++++++++++----------- 2009/3xxx/CVE-2009-3251.json | 150 +++++------ 2015/0xxx/CVE-2015-0171.json | 120 ++++----- 2015/0xxx/CVE-2015-0375.json | 150 +++++------ 2015/0xxx/CVE-2015-0557.json | 210 +++++++-------- 2015/0xxx/CVE-2015-0657.json | 130 +++++----- 2015/0xxx/CVE-2015-0750.json | 120 ++++----- 2015/0xxx/CVE-2015-0831.json | 330 ++++++++++++------------ 2015/4xxx/CVE-2015-4200.json | 140 +++++----- 2015/4xxx/CVE-2015-4549.json | 34 +-- 2015/4xxx/CVE-2015-4722.json | 34 +-- 2015/8xxx/CVE-2015-8163.json | 34 +-- 2015/8xxx/CVE-2015-8232.json | 130 +++++----- 2015/8xxx/CVE-2015-8826.json | 34 +-- 2015/9xxx/CVE-2015-9070.json | 132 +++++----- 2015/9xxx/CVE-2015-9279.json | 140 +++++----- 2016/5xxx/CVE-2016-5084.json | 160 ++++++------ 2016/5xxx/CVE-2016-5928.json | 34 +-- 2018/1999xxx/CVE-2018-1999021.json | 126 ++++----- 2018/2xxx/CVE-2018-2009.json | 188 +++++++------- 2018/2xxx/CVE-2018-2035.json | 34 +-- 2018/2xxx/CVE-2018-2491.json | 138 +++++----- 2018/2xxx/CVE-2018-2800.json | 398 ++++++++++++++--------------- 2018/6xxx/CVE-2018-6185.json | 34 +-- 2018/6xxx/CVE-2018-6416.json | 34 +-- 2018/6xxx/CVE-2018-6806.json | 130 +++++----- 2018/7xxx/CVE-2018-7446.json | 34 +-- 2018/7xxx/CVE-2018-7518.json | 122 ++++----- 2019/1xxx/CVE-2019-1220.json | 34 +-- 2019/1xxx/CVE-2019-1500.json | 34 +-- 
2019/1xxx/CVE-2019-1800.json | 34 +-- 2019/5xxx/CVE-2019-5381.json | 34 +-- 2019/5xxx/CVE-2019-5774.json | 162 ++++++------ 2019/5xxx/CVE-2019-5833.json | 34 +-- 45 files changed, 2901 insertions(+), 2901 deletions(-) diff --git a/1999/0xxx/CVE-1999-0464.json b/1999/0xxx/CVE-1999-0464.json index 244c1303993..e0899c48d5e 100644 --- a/1999/0xxx/CVE-1999-0464.json +++ b/1999/0xxx/CVE-1999-0464.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990104 Tripwire mess..", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91553066310826&w=2" - }, - { - "name" : "http://marc.info/?l=bugtraq&m=91592136122066&w=2", - "refsource" : "CONFIRM", - "url" : "http://marc.info/?l=bugtraq&m=91592136122066&w=2" - }, - { - "name" : "6609", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://marc.info/?l=bugtraq&m=91592136122066&w=2", + "refsource": "CONFIRM", + "url": "http://marc.info/?l=bugtraq&m=91592136122066&w=2" + }, + { + "name": "19990104 Tripwire mess..", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91553066310826&w=2" + }, + { + "name": "6609", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6609" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1106.json b/1999/1xxx/CVE-1999-1106.json index bb3eec39acc..c91884a3701 100644 --- a/1999/1xxx/CVE-1999-1106.json +++ b/1999/1xxx/CVE-1999-1106.json 
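Review bot: The rewritten file ends with `\ No newline at end of file` after the closing `+}`, whereas the old side's final `-}` carried a newline, so the terminating line feed is dropped. The same marker closes every other complete file section visible in this patch (CVE-1999-1106, CVE-2005-2152, CVE-2005-2529, CVE-2005-3152, CVE-2005-3348, CVE-2007-5458, CVE-2007-5711). The serializer should write a final `\n` after the closing `}` so that line-based tools and later diffs do not report a spurious last-line change.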
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980429 Security hole in kppp", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/9121" - }, - { - "name" : "kde-kppp-account-bo(1643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1643" - }, - { - "name" : "92", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980429 Security hole in kppp", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/9121" + }, + { + "name": "kde-kppp-account-bo(1643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1643" + }, + { + "name": "92", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2152.json b/2005/2xxx/CVE-2005-2152.json index 001ecb9606f..1732d127707 100644 --- a/2005/2xxx/CVE-2005-2152.json +++ b/2005/2xxx/CVE-2005-2152.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.geeklog.net/article.php/geeklog-1.3.11sr1", - "refsource" : "CONFIRM", - "url" : "http://www.geeklog.net/article.php/geeklog-1.3.11sr1" - }, - { - "name" : "http://www.hardened-php.net/advisory-062005.php", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory-062005.php" - }, - { - "name" : "1014381", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014381" - }, - { - "name" : "15914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute 
arbitrary SQL commands via user comments for an article." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.geeklog.net/article.php/geeklog-1.3.11sr1", + "refsource": "CONFIRM", + "url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr1" + }, + { + "name": "15914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15914" + }, + { + "name": "http://www.hardened-php.net/advisory-062005.php", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory-062005.php" + }, + { + "name": "1014381", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014381" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2529.json b/2005/2xxx/CVE-2005-2529.json index 4d5339b1dcd..ecc32e9c38d 100644 --- a/2005/2xxx/CVE-2005-2529.json +++ b/2005/2xxx/CVE-2005-2529.json 
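Review bot: The `reference_data` array comes out in a different order than before (the SECUNIA `15914` entry now sits ahead of the MISC and SECTRACK entries) although no reference is added or removed in this hunk, and the new order follows no sort key that I can see. The same shuffle appears in the CVE-1999-0464, CVE-2005-2529, CVE-2005-3152, CVE-2005-3348, CVE-2007-5458 and CVE-2007-5711 sections. Array order is visible to consumers and to every later diff, so real reference changes become hard to spot among the churn. The export should keep the input order or sort on a fixed key such as `refsource` then `name`. The generator is not shown here, so this is inferred from the output alone.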
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to \"the utility used to update Java shared archives.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=302266", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=302266" - }, - { - "name" : "APPLE-SA-2005-09-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2005/Sep/msg00000.html" - }, - { - "name" : "P-306", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-306.shtml" - }, - { - "name" : "ADV-2005-1734", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1734" - }, - { - "name" : "16808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16808" - }, - { - "name" : "macos-archive-utility-gain-privileges(22264)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to \"the utility used to update Java shared archives.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "P-306", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=302266", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=302266" + }, + { + "name": "ADV-2005-1734", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1734" + }, + { + "name": "macos-archive-utility-gain-privileges(22264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22264" + }, + { + "name": "APPLE-SA-2005-09-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2005/Sep/msg00000.html" + }, + { + "name": "16808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16808" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3152.json b/2005/3xxx/CVE-2005-3152.json index d5c083deb01..80976f5c19d 100644 --- a/2005/3xxx/CVE-2005-3152.json +++ b/2005/3xxx/CVE-2005-3152.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html" - }, - { - "name" : "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html" - }, - { - "name" : "http://bugs.cubecart.com/?do=details&id=459", - "refsource" : "MISC", - "url" : "http://bugs.cubecart.com/?do=details&id=459" - }, - { - "name" : 
"http://bugs.cubecart.com/?do=details&id=363", - "refsource" : "CONFIRM", - "url" : "http://bugs.cubecart.com/?do=details&id=363" - }, - { - "name" : "14962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14962" - }, - { - "name" : "1014984", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014984" - }, - { - "name" : "35", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/35" - }, - { - "name" : "cubecart-index-script-xss(24177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cubecart-index-script-xss(24177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24177" + }, + { + "name": "http://bugs.cubecart.com/?do=details&id=363", + "refsource": "CONFIRM", + "url": "http://bugs.cubecart.com/?do=details&id=363" + }, + { + "name": "http://bugs.cubecart.com/?do=details&id=459", + "refsource": "MISC", + "url": "http://bugs.cubecart.com/?do=details&id=459" + }, + { + "name": "http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html" + }, + { + "name": "1014984", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014984" + }, + { + "name": "35", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/35" + }, + { + "name": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html" + }, + { + "name": "14962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14962" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3348.json b/2005/3xxx/CVE-2005-3348.json index f28fcace243..5054c45a825 100644 --- a/2005/3xxx/CVE-2005-3348.json +++ b/2005/3xxx/CVE-2005-3348.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416543" - }, - { - "name" : "http://www.hardened-php.net/advisory_212005.81.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_212005.81.html" - }, - { - "name" : "DSA-897", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-897" - }, - { - "name" : "DSA-898", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-898" - }, - { - "name" : "DSA-899", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2005/dsa-899" - }, - { - "name" : "GLSA-200511-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml" - }, - { - "name" : "MDKSA-2005:212", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212" - }, - { - "name" : "15414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15414" - }, - { - "name" : "15396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15396" - }, - { - "name" : "17698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17698" - }, - { - "name" : "17441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17441" - }, - { - "name" : "17570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17570" - }, - { - "name" : "17584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17584" - }, - { - "name" : "17620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17620" - }, - { - "name" : "17616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17616" - }, - { - "name" : "17643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17643" - }, - { - "name" : "phpsysinfo-registerglobal-data-manipulation(23107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17616" + }, + { + "name": "MDKSA-2005:212", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212" + }, + { + "name": "15396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15396" + }, + { + "name": "GLSA-200511-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml" + }, + { + "name": "15414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15414" + }, + { + "name": "17698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17698" + }, + { + "name": "DSA-898", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-898" + }, + { + "name": "17441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17441" + }, + { + "name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416543" + }, + { + "name": "DSA-897", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-897" + }, + { + "name": "17620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17620" + }, + { + "name": "17584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17584" + }, + { + "name": "http://www.hardened-php.net/advisory_212005.81.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_212005.81.html" + }, + { + "name": "17570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17570" + }, + { + "name": "DSA-899", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-899" + }, + { + "name": "17643", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/17643" + }, + { + "name": "phpsysinfo-registerglobal-data-manipulation(23107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5458.json b/2007/5xxx/CVE-2007-5458.json index de54eb995c0..345671a9c12 100644 --- a/2007/5xxx/CVE-2007-5458.json +++ b/2007/5xxx/CVE-2007-5458.json 
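Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `security@debian.org` at the top of this hunk, the only field-value change visible in a patch whose subject says just "-Synchronized-Data." and whose other hunks only re-space keys and reorder references. Consumers that attribute or filter records by assigner will see this record change owner, so the new line `"ASSIGNER": "security@debian.org",` should get its own commit, or at least a mention in the commit message. It is also worth confirming the value against the assigning CNA's record, since nothing else in the hunk supports it.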
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4523", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4523" - }, - { - "name" : "26051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26051" - }, - { - "name" : "27219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27219" - }, - { - "name" : "kwsphp-newsletter-sql-injection(37083)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when 
magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26051" + }, + { + "name": "kwsphp-newsletter-sql-injection(37083)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37083" + }, + { + "name": "27219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27219" + }, + { + "name": "4523", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4523" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5711.json b/2007/5xxx/CVE-2007-5711.json index 2bcba989f16..c6aa11463d8 100644 --- a/2007/5xxx/CVE-2007-5711.json +++ b/2007/5xxx/CVE-2007-5711.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/wicassert-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/wicassert-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/wicassert.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/wicassert.zip" - }, - { - "name" : "ADV-2007-3636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3636" - }, - { - "name" : "39019", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39019" - }, - { - "name" : "27417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27417" - }, - { - "name" : "worldinconflict-packets-dos(37462)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/37462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/wicassert-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/wicassert-adv.txt" + }, + { + "name": "27417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27417" + }, + { + "name": "worldinconflict-packets-dos(37462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37462" + }, + { + "name": "ADV-2007-3636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3636" + }, + { + "name": "39019", + "refsource": "OSVDB", + "url": "http://osvdb.org/39019" + }, + { + "name": "http://aluigi.org/poc/wicassert.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/wicassert.zip" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5805.json b/2007/5xxx/CVE-2007-5805.json index 47ccf0507c3..f59d1945d34 100644 --- a/2007/5xxx/CVE-2007-5805.json +++ b/2007/5xxx/CVE-2007-5805.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611" - }, - { - "name" : "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar", - "refsource" : "CONFIRM", - "url" : "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar" - }, - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405", - "refsource" : "CONFIRM", - "url" : 
"http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405" - }, - { - "name" : "IZ03055", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055" - }, - { - "name" : "IZ03061", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061" - }, - { - "name" : "26258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26258" - }, - { - "name" : "27437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27437" - }, - { - "name" : "aix-swcons-insecure-permissions(38154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aix-swcons-insecure-permissions(38154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154" + }, + { + "name": "27437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27437" + }, + { + "name": "26258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26258" + }, + { + "name": "IZ03055", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055" + }, + { + "name": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar", + "refsource": "CONFIRM", + "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar" + }, + { + "name": "IZ03061", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061" + }, + { + "name": "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2592.json b/2009/2xxx/CVE-2009-2592.json index c090a6da84d..649ca4d72e4 100644 --- a/2009/2xxx/CVE-2009-2592.json +++ b/2009/2xxx/CVE-2009-2592.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9197", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9197" - }, - { - "name" : "gbook-guestbook-sql-injection(51827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gbook-guestbook-sql-injection(51827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51827" + }, + { + "name": "9197", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9197" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2922.json b/2009/2xxx/CVE-2009-2922.json index dc2e0f17ce9..fa601ab0931 100644 --- a/2009/2xxx/CVE-2009-2922.json +++ b/2009/2xxx/CVE-2009-2922.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9257", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9257" - }, - { - "name" : "http://www.pixaria.com/news/article/234", - "refsource" : "CONFIRM", - "url" : "http://www.pixaria.com/news/article/234" - }, - { - "name" : "35802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35802" - }, - { - "name" : "pixaria-image-directory-traversal(51994)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 
2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35802" + }, + { + "name": "9257", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9257" + }, + { + "name": "http://www.pixaria.com/news/article/234", + "refsource": "CONFIRM", + "url": "http://www.pixaria.com/news/article/234" + }, + { + "name": "pixaria-image-directory-traversal(51994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51994" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3231.json b/2009/3xxx/CVE-2009-3231.json index a2a4d8710cb..a63304ae6f0 100644 --- a/2009/3xxx/CVE-2009-3231.json +++ b/2009/3xxx/CVE-2009-3231.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509917/100/0/threaded" - }, - { - "name" : "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html" - }, - { - "name" : "http://www.postgresql.org/support/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/support/security.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=522084", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=522084" - }, - { - "name" : 
"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012" - }, - { - "name" : "DSA-1900", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2009/dsa-1900" - }, - { - "name" : "FEDORA-2009-9473", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html" - }, - { - "name" : "FEDORA-2009-9474", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html" - }, - { - "name" : "HPSBMU02781", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "SSRT100617", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2009:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" - }, - { - "name" : "USN-834-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-834-1" - }, - { - "name" : "36314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36314" - }, - { - "name" : "36660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36660" - }, - { - "name" : "36727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36727" - }, - { - "name" : "36837", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36837" - }, - { - "name" : "36800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 
before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-9474", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html" + }, + { + "name": "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html" + }, + { + "name": "36314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36314" + }, + { + "name": "HPSBMU02781", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2" + }, + { + "name": "36837", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36837" + }, + { + "name": "http://www.postgresql.org/support/security.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/support/security.html" + }, + { + "name": "36660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36660" + }, + { + "name": "20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509917/100/0/threaded" + }, + { + "name": "36800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36800" + }, + { + "name": "DSA-1900", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2009/dsa-1900" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=522084", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522084" + }, + { + "name": "FEDORA-2009-9473", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html" + }, + { + "name": "SUSE-SR:2009:016", + 
"refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "36727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36727" + }, + { + "name": "SUSE-SR:2009:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" + }, + { + "name": "USN-834-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-834-1" + }, + { + "name": "SSRT100617", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3251.json b/2009/3xxx/CVE-2009-3251.json index cd32ebca554..b7ebbf29679 100644 --- a/2009/3xxx/CVE-2009-3251.json +++ b/2009/3xxx/CVE-2009-3251.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/12407", - "refsource" : "CONFIRM", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/12407" - }, - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4208", - "refsource" : "CONFIRM", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4208" - }, - { - "name" : "57241", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/57241" - }, - { - "name" : "36309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57241", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/57241" + }, + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4208", + "refsource": "CONFIRM", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4208" + }, + { + "name": "36309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36309" + }, + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/12407", + "refsource": "CONFIRM", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/12407" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0171.json b/2015/0xxx/CVE-2015-0171.json index c955305062c..4841a8fc251 100644 --- a/2015/0xxx/CVE-2015-0171.json +++ b/2015/0xxx/CVE-2015-0171.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0375.json b/2015/0xxx/CVE-2015-0375.json index fd7beab1904..f9677c58283 100644 --- a/2015/0xxx/CVE-2015-0375.json +++ b/2015/0xxx/CVE-2015-0375.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72153" - }, - { - "name" : "1031583", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031583" - }, - { - "name" : "oracle-cpujan2015-cve20150375(100164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle 
Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031583", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031583" + }, + { + "name": "72153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72153" + }, + { + "name": "oracle-cpujan2015-cve20150375(100164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100164" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0557.json b/2015/0xxx/CVE-2015-0557.json index 559cab29f42..5d6ac404cc8 100644 --- a/2015/0xxx/CVE-2015-0557.json +++ b/2015/0xxx/CVE-2015-0557.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-0557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/03/5" - }, - { - "name" : "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/05/9" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435" - }, - { - "name" : "DSA-3213", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3213" - }, - { - "name" : "FEDORA-2015-5603", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html" - }, - { - "name" : "FEDORA-2015-5546", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html" - }, - { - "name" : "FEDORA-2015-5524", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html" - }, - { - "name" : "GLSA-201612-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-15" - }, - { - "name" : "MDVSA-2015:201", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201" - }, - { - "name" : "71895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2015:201", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:201" + }, + { + "name": "FEDORA-2015-5546", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html" + }, + { + "name": "[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/05/9" + }, + { + "name": "GLSA-201612-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-15" + }, + { + "name": "[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/03/5" + }, + { + "name": "FEDORA-2015-5524", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html" + }, + { + "name": "DSA-3213", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3213" + }, + { + "name": "FEDORA-2015-5603", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html" + }, + { + "name": "71895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71895" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0657.json b/2015/0xxx/CVE-2015-0657.json index 0959e332bf2..68974580eeb 100644 --- a/2015/0xxx/CVE-2015-0657.json +++ b/2015/0xxx/CVE-2015-0657.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150304 Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0657" - }, - { - "name" : "1031841", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031841", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031841" + }, + { + "name": "20150304 Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0657" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0750.json b/2015/0xxx/CVE-2015-0750.json index e75e033f7ab..b74c6b480b3 100644 --- a/2015/0xxx/CVE-2015-0750.json +++ b/2015/0xxx/CVE-2015-0750.json 
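Review bot: In the CVE-2015-0657 record the `affects` block still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, even though this change sets `"ASSIGNER": "psirt@cisco.com"` and the description names Cisco IOS XR. Tooling that matches records to an asset inventory through the structured vendor and product fields will miss this entry and has to fall back on parsing the free-text description. If the CNA can supply them, populate the fields, for example `"vendor_name": "Cisco"` and `"product_name": "IOS XR"` as read from the description; the affected version is not stated in the text and would have to come from the advisory. The hunks for CVE-2015-0750, CVE-2015-0831, CVE-2015-4200 and CVE-2016-5084 show the same gap.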
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150522 Cisco HCS Administrative Web Interface Arbitrary Command Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150522 Cisco HCS Administrative Web Interface Arbitrary Command Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38969" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0831.json b/2015/0xxx/CVE-2015-0831.json index f67e977bcec..c2d5ce44367 100644 --- a/2015/0xxx/CVE-2015-0831.json +++ b/2015/0xxx/CVE-2015-0831.json 
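Review bot: The new side of CVE-2015-0750.json ends with `}` and no final line break: the `\ No newline at end of file` marker follows the closing `+}`, while the removed `-}` carries no such marker. A file without a trailing newline produces a spurious last-line change on the next sync and breaks naive concatenation of records, so the serializer should write a newline after the closing brace. The same marker follows every other file visible in this part of the patch.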
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-16.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1130541", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1130541" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3174", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3174" - }, - { - "name" : "DSA-3179", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3179" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2015:0265", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0265.html" - }, - { - "name" : "RHSA-2015:0266", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0266.html" - }, - { - "name" : "RHSA-2015:0642", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0642.html" - }, - { - "name" : "SUSE-SU-2015:0412", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:0447", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0448", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html" - }, - { - "name" : "openSUSE-SU-2015:0404", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:0567", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html" - }, - { - "name" : "openSUSE-SU-2015:0570", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "USN-2505-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2505-1" - }, - { - "name" : "USN-2506-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2506-1" - }, - { - "name" : "72746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72746" - }, - { - "name" : "1031791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031791" - }, - { - "name" : "1031792", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72746" + }, + { + "name": "SUSE-SU-2015:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html" + }, + { + "name": "SUSE-SU-2015:0447", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-16.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-16.html" + }, + { + "name": "RHSA-2015:0642", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0642.html" + }, + { + "name": "openSUSE-SU-2015:0448", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html" + }, + { + "name": "USN-2506-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2506-1" + }, + { + "name": "openSUSE-SU-2015:0567", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "openSUSE-SU-2015:0404", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" + }, + { + "name": "RHSA-2015:0265", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0265.html" + }, + { + "name": "1031792", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031792" + }, + { + "name": "DSA-3174", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3174" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1130541", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1130541" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "DSA-3179", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3179" + }, + { + "name": "RHSA-2015:0266", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0266.html" + }, + { + "name": "1031791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031791" + }, + { + "name": "openSUSE-SU-2015:0570", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" + }, + { + "name": "USN-2505-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2505-1" + }, + { + "name": "SUSE-SU-2015:0412", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4200.json b/2015/4xxx/CVE-2015-4200.json index 69723a4de69..d5c012f120d 100644 --- a/2015/4xxx/CVE-2015-4200.json +++ b/2015/4xxx/CVE-2015-4200.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150622 Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39424" - }, - { - "name" : "75254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75254" - }, - { - "name" : "1032692", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in 
the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032692", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032692" + }, + { + "name": "20150622 Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39424" + }, + { + "name": "75254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75254" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4549.json b/2015/4xxx/CVE-2015-4549.json index 33e94ed6404..ed328faad85 100644 --- a/2015/4xxx/CVE-2015-4549.json +++ b/2015/4xxx/CVE-2015-4549.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4549", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4549", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4722.json b/2015/4xxx/CVE-2015-4722.json index 4b149b73abf..714cf80d3fe 100644 --- a/2015/4xxx/CVE-2015-4722.json +++ b/2015/4xxx/CVE-2015-4722.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4722", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4722", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8163.json b/2015/8xxx/CVE-2015-8163.json index def9ef495f6..e5ddec35c4b 100644 --- a/2015/8xxx/CVE-2015-8163.json +++ b/2015/8xxx/CVE-2015-8163.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8163", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8163", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8232.json b/2015/8xxx/CVE-2015-8232.json index bb41919ab54..0728be20f00 100644 --- a/2015/8xxx/CVE-2015-8232.json +++ b/2015/8xxx/CVE-2015-8232.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2613444", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2613444" - }, - { - "name" : "https://www.drupal.org/node/2612812", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2612812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the anonymous user profile via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2613444", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2613444" + }, + { + "name": "https://www.drupal.org/node/2612812", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2612812" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8826.json b/2015/8xxx/CVE-2015-8826.json index 6ecedd71f40..2f734d0a8f1 100644 --- a/2015/8xxx/CVE-2015-8826.json +++ b/2015/8xxx/CVE-2015-8826.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8826", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8826", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9070.json b/2015/9xxx/CVE-2015-9070.json index 59c9ffc0ea7..fac9ef04e3e 100644 --- a/2015/9xxx/CVE-2015-9070.json +++ b/2015/9xxx/CVE-2015-9070.json 
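Review bot: The rewritten CVE-2015-8826.json puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`, whereas the other records in this patch (the CVE-2015-8163.json hunk earlier, for instance) keep `CVE_data_meta` first with its keys in alphabetical order. Key order carries no meaning in JSON, but one stable order keeps later sync diffs limited to real content changes and matters to any consumer that hashes or signs the serialized record. Emitting this record through the same sorted-key serializer as the others would remove the difference.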
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2015-9070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2015-9070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99467" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9279.json b/2015/9xxx/CVE-2015-9279.json index 4e452acac31..72a5980fcbd 100644 --- a/2015/9xxx/CVE-2015-9279.json +++ b/2015/9xxx/CVE-2015-9279.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MailEnable before 8.60 allows Stored XSS via malformed use of \"\" character in the body of an e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", - "refsource" : "MISC", - "url" : "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt" - }, - { - "name" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", - "refsource" : "MISC", - "url" : "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf" - }, - { - "name" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", - "refsource" : "MISC", - "url" : "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MailEnable before 8.60 allows Stored XSS via malformed use of \"\" character in the body of an e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf" + }, + { + "name": "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/" + }, + { + "name": "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt", + "refsource": "MISC", + "url": "https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5084.json b/2016/5xxx/CVE-2016-5084.json index df494c5a43c..35b8e6bf4b3 100644 --- a/2016/5xxx/CVE-2016-5084.json +++ b/2016/5xxx/CVE-2016-5084.json 
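Review bot: The description of CVE-2015-9279 reads `malformed use of \"\" character`, with nothing between the escaped quotes, so the record does not say which character is involved in the stored XSS. The removed side has the same empty pair, so the text was presumably lost in an earlier sanitising or export step rather than by this commit. The value should be restored from the referenced NCC Group advisory and written with proper JSON escaping, or the sentence reworded so that it does not point at an empty string. As it stands, a defender cannot tell from the record alone what input the fix in 8.60 is meant to handle.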
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS" - }, - { - "name" : "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01" - }, - { - "name" : "VU#884840", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/884840" - }, - { - 
"name" : "93351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump" + }, + { + "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01" + }, + { + "name": "VU#884840", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/884840" + }, + { + "name": "93351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93351" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5928.json b/2016/5xxx/CVE-2016-5928.json index 5f6f7f25a5b..6f6fbf2b834 100644 --- a/2016/5xxx/CVE-2016-5928.json +++ b/2016/5xxx/CVE-2016-5928.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5928", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5928", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999021.json b/2018/1999xxx/CVE-2018-1999021.json index 7ff7c261529..c232c2019cc 100644 --- a/2018/1999xxx/CVE-2018-1999021.json +++ b/2018/1999xxx/CVE-2018-1999021.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-20T20:44:32.989838", - "DATE_REQUESTED" : "2018-07-19T11:07:49", - "ID" : "CVE-2018-1999021", - "REQUESTER" : "drstache.wh@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gleez Cms", - "version" : { - "version_data" : [ - { - "version_value" : "1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Gleezcms" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker's profile page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-20T20:44:32.989838", + "DATE_REQUESTED": "2018-07-19T11:07:49", + "ID": "CVE-2018-1999021", + "REQUESTER": "drstache.wh@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gleez/cms/issues/797", - "refsource" : "CONFIRM", - "url" : "https://github.com/gleez/cms/issues/797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gleezcms Gleez Cms version 1.3.0 
contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker's profile page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gleez/cms/issues/797", + "refsource": "CONFIRM", + "url": "https://github.com/gleez/cms/issues/797" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2009.json b/2018/2xxx/CVE-2018-2009.json index 2f54f2db871..46aec5db9ac 100644 --- a/2018/2xxx/CVE-2018-2009.json +++ b/2018/2xxx/CVE-2018-2009.json 
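Review bot: The new side of CVE-2018-1999021.json blanks the structured fields: `product_name`, `version_value`, `vendor_name` and the `problemtype` value all become `"n/a"`, while the unchanged description still names Gleez Cms 1.3.0 and a Cross Site Scripting issue. A scanner or feed consumer that matches on `affects` or on the problem type rather than on free text would presumably stop matching this record after the sync. If the commit is meant only to normalise formatting and the `ASSIGNER`, the earlier values should be carried over: `"product_name": "Gleez Cms"`, `"version_value": "1.3.0"`, `"vendor_name": "Gleezcms"`, and the problemtype text kept as it was on the removed side.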
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-05T00:00:00", - "ID" : "CVE-2018-2009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "2018.1" - }, - { - "version_value" : "2018.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "L", - "S" : "U", - "SCORE" : "6.500", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-03-05T00:00:00", + "ID": "CVE-2018-2009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "2018.1" + }, + { + "version_value": "2018.4.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10794327", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10794327" - }, - { - "name" : "107396", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/107396" - }, - { - "name" : "ibm-api-cve20182009-info-disc(155148)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "H", + "I": "N", + "PR": "L", + "S": "U", + "SCORE": "6.500", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107396" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10794327", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10794327" + }, + { + "name": "ibm-api-cve20182009-info-disc(155148)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155148" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2035.json b/2018/2xxx/CVE-2018-2035.json index f969ba1c12b..abefd0f825c 100644 --- a/2018/2xxx/CVE-2018-2035.json +++ b/2018/2xxx/CVE-2018-2035.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2035", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2035", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2491.json b/2018/2xxx/CVE-2018-2491.json index 9a9e621dc5c..fdd5d966e00 100644 --- a/2018/2xxx/CVE-2018-2491.json +++ b/2018/2xxx/CVE-2018-2491.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Fiori Client", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "1.11.5" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When opening a deep link URL in SAP Fiori Client with log level set to \"Debug\", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Code Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Fiori Client", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.11.5" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2691126", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2691126" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When opening a deep link URL in SAP Fiori Client with log level set to \"Debug\", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2691126", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2691126" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2800.json b/2018/2xxx/CVE-2018-2800.json index 379aaa83f1f..8906cb6836a 100644 --- a/2018/2xxx/CVE-2018-2800.json +++ b/2018/2xxx/CVE-2018-2800.json 
@@ -1,201 +1,201 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u181" - }, - { - "version_affected" : "=", - "version_value" : "7u171" - }, - { - "version_affected" : "=", - "version_value" : "8u162; JRockit: R28.3.17" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u181" + }, + { + "version_affected": "=", + "version_value": "7u171" + }, + { + "version_affected": "=", + "version_value": "8u162; JRockit: R28.3.17" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180419-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180419-0001/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "DSA-4185", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4185" - }, - { - "name" : "DSA-4225", - 
"refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4225" - }, - { - "name" : "GLSA-201903-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-14" - }, - { - "name" : "RHSA-2018:1188", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1188" - }, - { - "name" : "RHSA-2018:1191", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1191" - }, - { - "name" : "RHSA-2018:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1201" - }, - { - "name" : "RHSA-2018:1202", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1202" - }, - { - "name" : "RHSA-2018:1203", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1203" - }, - { - "name" : "RHSA-2018:1204", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1204" - }, - { - "name" : "RHSA-2018:1205", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1205" - }, - { - "name" : "RHSA-2018:1206", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1206" - }, - { - "name" : "RHSA-2018:1270", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1270" - }, - { - "name" : "RHSA-2018:1278", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1278" - }, - { - "name" : "RHSA-2018:1721", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1721" - }, - { - "name" : "RHSA-2018:1722", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1722" - }, - { - "name" : "RHSA-2018:1723", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1723" - }, - { - "name" : "RHSA-2018:1724", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1724" - }, - { - "name" : "RHSA-2018:1974", - "refsource" : 
"REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1974" - }, - { - "name" : "RHSA-2018:1975", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1975" - }, - { - "name" : "USN-3644-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3644-1/" - }, - { - "name" : "USN-3691-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3691-1/" - }, - { - "name" : "103849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103849" - }, - { - "name" : "1040697", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:1278", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1278" + }, + { + "name": "DSA-4185", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4185" + }, + { + "name": "RHSA-2018:1975", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1975" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us" + }, + { + "name": "GLSA-201903-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-14" + }, + { + "name": "DSA-4225", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4225" + }, + { + "name": "1040697", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040697" + }, + { + "name": "RHSA-2018:1724", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1724" + }, + { + "name": "RHSA-2018:1203", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1203" + }, + { + "name": "USN-3644-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3644-1/" + }, + { + "name": "RHSA-2018:1723", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2018:1723" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180419-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180419-0001/" + }, + { + "name": "RHSA-2018:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1201" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "RHSA-2018:1204", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1204" + }, + { + "name": "103849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103849" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "RHSA-2018:1722", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1722" + }, + { + "name": "RHSA-2018:1974", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1974" + }, + { + "name": "RHSA-2018:1205", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1205" + }, + { + "name": "RHSA-2018:1721", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1721" + }, + { + "name": "USN-3691-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3691-1/" + }, + { + "name": "RHSA-2018:1202", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1202" + }, + { + "name": "RHSA-2018:1191", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1191" + }, + { + "name": "RHSA-2018:1188", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2018:1188" + }, + { + "name": "RHSA-2018:1206", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1206" + }, + { + "name": "RHSA-2018:1270", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1270" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6185.json b/2018/6xxx/CVE-2018-6185.json index a2e3429d756..0ae2ea04058 100644 --- a/2018/6xxx/CVE-2018-6185.json +++ b/2018/6xxx/CVE-2018-6185.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6185", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6185", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6416.json b/2018/6xxx/CVE-2018-6416.json index d38fc42fa7b..be904af7f57 100644 --- a/2018/6xxx/CVE-2018-6416.json +++ b/2018/6xxx/CVE-2018-6416.json 
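Review bot: In CVE-2018-2800.json the `version_data` entries still carry product names inside `version_value` (`"Java SE: 6u181"` and `"8u162; JRockit: R28.3.17"`), so an exact match on a version string such as 8u162 or R28.3.17 fails, and JRockit is not represented as a product at all. The commit reformats these lines without fixing them. Going by the description's own wording ("Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17"), the entries could be split per product as sketched below; the product names are taken from that sentence and should be confirmed with the assigning CNA.

```json
"product_data": [
    {
        "product_name": "Java SE",
        "version": {
            "version_data": [
                { "version_affected": "=", "version_value": "6u181" },
                { "version_affected": "=", "version_value": "7u171" },
                { "version_affected": "=", "version_value": "8u162" }
            ]
        }
    },
    {
        "product_name": "JRockit",
        "version": {
            "version_data": [
                { "version_affected": "=", "version_value": "R28.3.17" }
            ]
        }
    }
]
```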
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6416", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6416", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6806.json b/2018/6xxx/CVE-2018-6806.json index fa2f90ae2cc..fcc7a065cbd 100644 --- a/2018/6xxx/CVE-2018-6806.json +++ b/2018/6xxx/CVE-2018-6806.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.markedapp.com/discussions/questions/9089-reporting-a-vulnerability", - "refsource" : "MISC", - "url" : "http://support.markedapp.com/discussions/questions/9089-reporting-a-vulnerability" - }, - { - "name" : "http://www.lynxsecurity.io/releases/Local%20File%20Disclosure%20in%20Marked2.pdf", - "refsource" : "MISC", - "url" : "http://www.lynxsecurity.io/releases/Local%20File%20Disclosure%20in%20Marked2.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Marked 2 through 2.5.11 allows remote attackers to read arbitrary 
files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.lynxsecurity.io/releases/Local%20File%20Disclosure%20in%20Marked2.pdf", + "refsource": "MISC", + "url": "http://www.lynxsecurity.io/releases/Local%20File%20Disclosure%20in%20Marked2.pdf" + }, + { + "name": "http://support.markedapp.com/discussions/questions/9089-reporting-a-vulnerability", + "refsource": "MISC", + "url": "http://support.markedapp.com/discussions/questions/9089-reporting-a-vulnerability" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7446.json b/2018/7xxx/CVE-2018-7446.json index 4dc52681559..6fbd04d3040 100644 --- a/2018/7xxx/CVE-2018-7446.json +++ b/2018/7xxx/CVE-2018-7446.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7446", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7446", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7518.json b/2018/7xxx/CVE-2018-7518.json index 14c2c1eae0d..777af3a89fe 100644 --- a/2018/7xxx/CVE-2018-7518.json +++ b/2018/7xxx/CVE-2018-7518.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-05-24T00:00:00", - "ID" : "CVE-2018-7518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BeaconMedæs TotalAlert Scroll Medical Air Systems web application", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4107600010.23" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-05-24T00:00:00", + "ID": "CVE-2018-7518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BeaconMedæs TotalAlert Scroll Medical Air Systems web application", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4107600010.23" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1220.json b/2019/1xxx/CVE-2019-1220.json index 8e766e8ff2f..214093ea640 100644 --- a/2019/1xxx/CVE-2019-1220.json +++ b/2019/1xxx/CVE-2019-1220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1220", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1220", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/1xxx/CVE-2019-1500.json b/2019/1xxx/CVE-2019-1500.json index 961fbcba8f6..847fe3ba551 100644 --- a/2019/1xxx/CVE-2019-1500.json +++ b/2019/1xxx/CVE-2019-1500.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1500", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1500", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1800.json b/2019/1xxx/CVE-2019-1800.json index 12d02ffdc88..e0dbea09071 100644 --- a/2019/1xxx/CVE-2019-1800.json +++ b/2019/1xxx/CVE-2019-1800.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1800", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1800", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5381.json b/2019/5xxx/CVE-2019-5381.json index 0cbdfd5eb28..2e63f53b341 100644 --- a/2019/5xxx/CVE-2019-5381.json +++ b/2019/5xxx/CVE-2019-5381.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5381", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5381", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5774.json b/2019/5xxx/CVE-2019-5774.json index 8dd470c2cad..dc244821503 100644 --- a/2019/5xxx/CVE-2019-5774.json +++ b/2019/5xxx/CVE-2019-5774.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2019-5774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "72.0.3626.81" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient validation of untrusted input" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2019-5774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "72.0.3626.81" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/904182", - "refsource" : "MISC", - "url" : "https://crbug.com/904182" - }, - { - "name" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4395", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4395" - }, - { - "name" : "RHSA-2019:0309", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2019:0309" - }, - { - "name" : "106767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106767" + }, + { + "name": "https://crbug.com/904182", + "refsource": "MISC", + "url": "https://crbug.com/904182" + }, + { + "name": "RHSA-2019:0309", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0309" + }, + { + "name": "DSA-4395", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4395" + }, + { + "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5833.json b/2019/5xxx/CVE-2019-5833.json index 5b8fe8f37d1..e787ffab9dc 100644 --- a/2019/5xxx/CVE-2019-5833.json +++ b/2019/5xxx/CVE-2019-5833.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5833", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5833", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file