From cf94adfcfa4f4c1f70c08da41fe3bde357e726d8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:47:30 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1054.json | 120 ++++----- 1999/1xxx/CVE-1999-1092.json | 120 ++++----- 1999/1xxx/CVE-1999-1156.json | 120 ++++----- 2000/0xxx/CVE-2000-0051.json | 130 +++++----- 2000/0xxx/CVE-2000-0144.json | 130 +++++----- 2000/0xxx/CVE-2000-0562.json | 120 ++++----- 2000/1xxx/CVE-2000-1060.json | 140 +++++----- 2005/2xxx/CVE-2005-2302.json | 150 +++++------ 2005/2xxx/CVE-2005-2518.json | 160 ++++++------ 2005/2xxx/CVE-2005-2598.json | 140 +++++----- 2005/3xxx/CVE-2005-3247.json | 260 +++++++++---------- 2005/3xxx/CVE-2005-3253.json | 170 ++++++------ 2005/3xxx/CVE-2005-3517.json | 160 ++++++------ 2005/3xxx/CVE-2005-3534.json | 270 +++++++++---------- 2005/3xxx/CVE-2005-3622.json | 190 +++++++------- 2005/3xxx/CVE-2005-3954.json | 190 +++++++------- 2005/4xxx/CVE-2005-4070.json | 34 +-- 2009/2xxx/CVE-2009-2336.json | 220 ++++++++-------- 2009/2xxx/CVE-2009-2366.json | 170 ++++++------ 2009/2xxx/CVE-2009-2959.json | 190 +++++++------- 2009/3xxx/CVE-2009-3564.json | 140 +++++----- 2009/3xxx/CVE-2009-3666.json | 160 ++++++------ 2009/3xxx/CVE-2009-3727.json | 230 ++++++++-------- 2009/3xxx/CVE-2009-3981.json | 310 +++++++++++----------- 2009/4xxx/CVE-2009-4391.json | 120 ++++----- 2015/0xxx/CVE-2015-0116.json | 120 ++++----- 2015/0xxx/CVE-2015-0554.json | 130 +++++----- 2015/0xxx/CVE-2015-0564.json | 230 ++++++++-------- 2015/0xxx/CVE-2015-0740.json | 140 +++++----- 2015/0xxx/CVE-2015-0752.json | 130 +++++----- 2015/1xxx/CVE-2015-1275.json | 180 ++++++------- 2015/1xxx/CVE-2015-1324.json | 140 +++++----- 2015/1xxx/CVE-2015-1950.json | 140 +++++----- 2015/4xxx/CVE-2015-4190.json | 150 +++++------ 2015/4xxx/CVE-2015-4747.json | 120 ++++----- 2015/4xxx/CVE-2015-4924.json | 130 +++++----- 2015/5xxx/CVE-2015-5246.json | 130 +++++----- 2015/5xxx/CVE-2015-5364.json | 490 +++++++++++++++++------------------ 2015/9xxx/CVE-2015-9180.json | 132 +++++----- 2018/2xxx/CVE-2018-2108.json | 34 +-- 2018/3xxx/CVE-2018-3221.json | 140 +++++----- 2018/3xxx/CVE-2018-3509.json | 34 +-- 2018/3xxx/CVE-2018-3518.json | 34 +-- 2018/3xxx/CVE-2018-3598.json | 122 ++++----- 2018/6xxx/CVE-2018-6085.json | 172 ++++++------ 2018/6xxx/CVE-2018-6163.json | 172 ++++++------ 2018/6xxx/CVE-2018-6960.json | 142 +++++----- 2018/6xxx/CVE-2018-6980.json | 130 +++++----- 2018/7xxx/CVE-2018-7053.json | 150 +++++------ 2018/7xxx/CVE-2018-7358.json | 178 ++++++------- 2018/7xxx/CVE-2018-7630.json | 34 +-- 2018/7xxx/CVE-2018-7691.json | 196 +++++++------- 2018/7xxx/CVE-2018-7785.json | 132 +++++----- 53 files changed, 4088 insertions(+), 4088 deletions(-) diff --git a/1999/1xxx/CVE-1999-1054.json b/1999/1xxx/CVE-1999-1054.json index a52ef394c4f..1943954d898 100644 --- a/1999/1xxx/CVE-1999-1054.json +++ b/1999/1xxx/CVE-1999-1054.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980925 Globetrotter FlexLM 'lmdown' bogosity", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90675672323825&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980925 Globetrotter FlexLM 'lmdown' bogosity", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90675672323825&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1092.json b/1999/1xxx/CVE-1999-1092.json index dfc3edda82e..53e952b1156 100644 --- a/1999/1xxx/CVE-1999-1092.json +++ b/1999/1xxx/CVE-1999-1092.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991117 default permissions for tin", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94286179032648&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991117 default permissions for tin", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94286179032648&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1156.json b/1999/1xxx/CVE-1999-1156.json index 84bf2d8269d..01e1aa6a52b 100644 --- a/1999/1xxx/CVE-1999-1156.json +++ b/1999/1xxx/CVE-1999-1156.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "bisonware-port-crash(2254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bisonware-port-crash(2254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2254" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0051.json b/2000/0xxx/CVE-2000-0051.json index d7c35f0790c..74013067e96 100644 --- a/2000/0xxx/CVE-2000-0051.json +++ b/2000/0xxx/CVE-2000-0051.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ASB00-02", - "refsource" : "ALLAIRE", - "url" : "http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full" - }, - { - "name" : "916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ASB00-02", + "refsource": "ALLAIRE", + "url": "http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full" + }, + { + "name": "916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/916" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0144.json b/2000/0xxx/CVE-2000-0144.json index 0522981ef93..f65574b19ce 100644 --- a/2000/0xxx/CVE-2000-0144.json +++ b/2000/0xxx/CVE-2000-0144.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000207 Infosec.20000207.axis700.a", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html" - }, - { - "name" : "971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/971" + }, + { + "name": "20000207 Infosec.20000207.axis700.a", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0562.json b/2000/0xxx/CVE-2000-0562.json index 22cb0bf8c2b..c7730536fbb 100644 --- a/2000/0xxx/CVE-2000-0562.json +++ b/2000/0xxx/CVE-2000-0562.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000620 BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000620 BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1060.json b/2000/1xxx/CVE-2000-1060.json index 3e183860fed..88e37b6d96f 100644 --- a/2000/1xxx/CVE-2000-1060.json +++ b/2000/1xxx/CVE-2000-1060.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an \"xhost + localhost\" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001002 Local vulnerability in XFCE 3.5.1", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html" - }, - { - "name" : "1736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1736" - }, - { - "name" : "xinitrc-bypass-xauthority(5305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an \"xhost + localhost\" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001002 Local vulnerability in XFCE 3.5.1", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html" + }, + { + "name": "1736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1736" + }, + { + "name": "xinitrc-bypass-xauthority(5305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5305" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2302.json b/2005/2xxx/CVE-2005-2302.json index 7e24eba6197..7078e90efda 100644 --- a/2005/2xxx/CVE-2005-2302.json +++ b/2005/2xxx/CVE-2005-2302.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112155941310297&w=2" - }, - { - "name" : "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18", - "refsource" : "CONFIRM", - "url" : "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18" - }, - { - "name" : "SUSE-SR:2005:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_19_sr.html" - }, - { - "name" : "1014504", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18", + "refsource": "CONFIRM", + "url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18" + }, + { + "name": "SUSE-SR:2005:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html" + }, + { + "name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112155941310297&w=2" + }, + { + "name": "1014504", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014504" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2518.json b/2005/2xxx/CVE-2005-2518.json index ca4d8cc1d97..55a267e8754 100644 --- a/2005/2xxx/CVE-2005-2518.json +++ b/2005/2xxx/CVE-2005-2518.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "TA05-229A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-229A.html" - }, - { - "name" : "VU#461412", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/461412" - }, - { - "name" : "1014709", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#461412", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/461412" + }, + { + "name": "TA05-229A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-229A.html" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "1014709", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014709" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2598.json b/2005/2xxx/CVE-2005-2598.json index 26ebe952393..80089a52cf5 100644 --- a/2005/2xxx/CVE-2005-2598.json +++ b/2005/2xxx/CVE-2005-2598.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050812 Multiple directory traversal vulnerabilities in Claroline", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Aug/0394.html" - }, - { - "name" : "20050819 Re: Erroneous Informations - Multiple directory traversal vulnerabilities in Claroline", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036345.html" - }, - { - "name" : "16407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050819 Re: Erroneous Informations - Multiple directory traversal vulnerabilities in Claroline", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036345.html" + }, + { + "name": "16407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16407" + }, + { + "name": "20050812 Multiple directory traversal vulnerabilities in Claroline", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Aug/0394.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3247.json b/2005/3xxx/CVE-2005-3247.json index 2afa1f482f6..a9143537a7f 100644 --- a/2005/3xxx/CVE-2005-3247.json +++ b/2005/3xxx/CVE-2005-3247.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "GLSA-200510-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml" - }, - { - "name" : "RHSA-2005:809", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-809.html" - }, - { - "name" : "SUSE-SR:2005:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html" - }, - { - "name" : "15148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15148" - }, - { - "name" : "20132", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20132" - }, - { - "name" : "oval:org.mitre.oval:def:10241", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10241" - }, - { - "name" : "1015082", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015082" - }, - { - "name" : "17377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17377" - }, - { - "name" : "17254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17254" - }, - { - "name" : "17286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17286" - }, - { - "name" : "17327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17327" - }, - { - "name" : "17392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17392" - }, - { - "name" : "17480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:809", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-809.html" + }, + { + "name": "17327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17327" + }, + { + "name": "GLSA-200510-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml" + }, + { + "name": "17392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17392" + }, + { + "name": "17480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17480" + }, + { + "name": "1015082", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015082" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00021.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html" + }, + { + "name": "20132", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20132" + }, + { + "name": "SUSE-SR:2005:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" + }, + { + "name": "17286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17286" + }, + { + "name": "oval:org.mitre.oval:def:10241", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10241" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "17377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17377" + }, + { + "name": "15148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15148" + }, + { + "name": "17254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17254" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3253.json b/2005/3xxx/CVE-2005-3253.json index 4513c451bbd..be28040d154 100644 --- a/2005/3xxx/CVE-2005-3253.json +++ b/2005/3xxx/CVE-2005-3253.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of \"12345\", which allows remote attackers to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf", - "refsource" : "CONFIRM", - "url" : "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf" - }, - { - "name" : "ADV-2005-2931", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2931" - }, - { - "name" : "22091", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22091" - }, - { - "name" : "18047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18047" - }, - { - "name" : "18057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of \"12345\", which allows remote attackers to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22091", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22091" + }, + { + "name": "18047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18047" + }, + { + "name": "18057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18057" + }, + { + "name": "ADV-2005-2931", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2931" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf" + }, + { + "name": "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf", + "refsource": "CONFIRM", + "url": "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3517.json b/2005/3xxx/CVE-2005-3517.json index 8f4f3fe82f3..d2f34b62e56 100644 --- a/2005/3xxx/CVE-2005-3517.json +++ b/2005/3xxx/CVE-2005-3517.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051020 XSS & Path Disclosure in Chipmunk's products", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112982490104274&w=2" - }, - { - "name" : "http://irannetjob.com/content/view/148/28/", - "refsource" : "MISC", - "url" : "http://irannetjob.com/content/view/148/28/" - }, - { - "name" : "20170", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20170" - }, - { - "name" : "96", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/96" - }, - { - "name" : "chipmunk-guestbook-path-disclosure(22825)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051020 XSS & Path Disclosure in Chipmunk's products", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112982490104274&w=2" + }, + { + "name": "20170", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20170" + }, + { + "name": "96", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/96" + }, + { + "name": "chipmunk-guestbook-path-disclosure(22825)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22825" + }, + { + "name": "http://irannetjob.com/content/view/148/28/", + "refsource": "MISC", + "url": "http://irannetjob.com/content/view/148/28/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3534.json b/2005/3xxx/CVE-2005-3534.json index 42c4e418bf3..000688c2f66 100644 --- a/2005/3xxx/CVE-2005-3534.json +++ b/2005/3xxx/CVE-2005-3534.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388", - "refsource" : "MISC", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=116314", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=116314" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229" - }, - { - "name" : "DSA-924", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-924" - }, - { - "name" : "GLSA-200512-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml" - }, - { - "name" : "USN-237-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/237-1/" - }, - { - "name" : "16029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16029" - }, - { - "name" : "21848", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21848" - }, - { - "name" : "18135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18135" - }, - { - "name" : "18171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18171" - }, - { - "name" : "18209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18209" - }, - { - "name" : "18315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18315" - }, - { - "name" : "18503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18503" - }, - { - "name" : "43353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43353" - }, - { - "name" : "43610", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43610", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43610" + }, + { + "name": "18503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18503" + }, + { + "name": "DSA-924", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-924" + }, + { + "name": "21848", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21848" + }, + { + "name": "18209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18209" + }, + { + "name": "USN-237-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/237-1/" + }, + { + "name": "18171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18171" + }, + { + "name": "16029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16029" + }, + { + "name": "18135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18135" + }, + { + "name": "GLSA-200512-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229" + }, + { + "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388", + "refsource": "MISC", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=116314", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=116314" + }, + { + "name": "43353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43353" + }, + { + "name": "18315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18315" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3622.json b/2005/3xxx/CVE-2005-3622.json index e09f537ca7c..bad7461fd97 100644 --- a/2005/3xxx/CVE-2005-3622.json +++ b/2005/3xxx/CVE-2005-3622.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051115 [FS-05-02] Multiple vulnerabilities in phpMyAdmin", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113208319104035&w=2" - }, - { - "name" : "http://www.fitsec.com/advisories/FS-05-02.txt", - "refsource" : "MISC", - "url" : "http://www.fitsec.com/advisories/FS-05-02.txt" - }, - { - "name" : "20911", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20911" - }, - { - "name" : "20912", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20912" - }, - { - "name" : "20913", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20913" - }, - { - "name" : "20914", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20914" - }, - { - "name" : "1015213", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015213" - }, - { - "name" : "185", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051115 [FS-05-02] Multiple vulnerabilities in phpMyAdmin", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113208319104035&w=2" + }, + { + "name": "185", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/185" + }, + { + "name": "20914", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20914" + }, + { + "name": "20912", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20912" + }, + { + "name": "1015213", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015213" + }, + { + "name": "http://www.fitsec.com/advisories/FS-05-02.txt", + "refsource": "MISC", + "url": "http://www.fitsec.com/advisories/FS-05-02.txt" + }, + { + "name": "20911", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20911" + }, + { + "name": "20913", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20913" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3954.json b/2005/3xxx/CVE-2005-3954.json index fa0dea5b746..0c7ae7e2d34 100644 --- a/2005/3xxx/CVE-2005-3954.json +++ b/2005/3xxx/CVE-2005-3954.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=514600", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=514600" - }, - { - "name" : "15555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15555" - }, - { - "name" : "ADV-2005-2586", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2586" - }, - { - "name" : "21111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21111" - }, - { - "name" : "1015264", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015264" - }, - { - "name" : "17741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17741" - }, - { - "name" : "blogbuddies-multiple-scripts-xss(23331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=514600", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=514600" + }, + { + "name": "17741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17741" + }, + { + "name": "1015264", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015264" + }, + { + "name": "blogbuddies-multiple-scripts-xss(23331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331" + }, + { + "name": "15555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15555" + }, + { + "name": "21111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21111" + }, + { + "name": "ADV-2005-2586", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2586" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4070.json b/2005/4xxx/CVE-2005-4070.json index b472ce2e16c..1fa652e3aad 100644 --- a/2005/4xxx/CVE-2005-4070.json +++ b/2005/4xxx/CVE-2005-4070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4070", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3665. Reason: This candidate is a reservation duplicate of CVE-2005-3665. Notes: All CVE users should reference CVE-2005-3665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4070", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3665. Reason: This candidate is a reservation duplicate of CVE-2005-3665. Notes: All CVE users should reference CVE-2005-3665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2336.json b/2009/2xxx/CVE-2009-2336.json index e4836226c56..09dd13f616f 100644 --- a/2009/2xxx/CVE-2009-2336.json +++ b/2009/2xxx/CVE-2009-2336.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504795/100/0/threaded" - }, - { - "name" : "9110", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9110" - }, - { - "name" : "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked", - "refsource" : "MISC", - "url" : "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked" - }, - { - "name" : "FEDORA-2009-7701", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html" - }, - { - "name" : "FEDORA-2009-7729", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html" - }, - { - "name" : "FEDORA-2009-8529", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html" - }, - { - "name" : "FEDORA-2009-8538", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html" - }, - { - "name" : "35581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35581" - }, - { - "name" : "55714", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55714" - }, - { - "name" : "1022528", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022528" - }, - { - "name" : "ADV-2009-1833", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-8538", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html" + }, + { + "name": "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked", + "refsource": "MISC", + "url": "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked" + }, + { + "name": "FEDORA-2009-7729", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html" + }, + { + "name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded" + }, + { + "name": "1022528", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022528" + }, + { + "name": "FEDORA-2009-7701", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html" + }, + { + "name": "ADV-2009-1833", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1833" + }, + { + "name": "FEDORA-2009-8529", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html" + }, + { + "name": "9110", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9110" + }, + { + "name": "55714", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55714" + }, + { + "name": "35581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35581" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2366.json b/2009/2xxx/CVE-2009-2366.json index 5cfada879f6..2d9efa9b6e7 100644 --- a/2009/2xxx/CVE-2009-2366.json +++ b/2009/2xxx/CVE-2009-2366.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9024", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9024" - }, - { - "name" : "55496", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55496" - }, - { - "name" : "55497", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55497" - }, - { - "name" : "35589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35589" - }, - { - "name" : "35603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35603" - }, - { - "name" : "datacheck-login-sql-injection(51403)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55497", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55497" + }, + { + "name": "datacheck-login-sql-injection(51403)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51403" + }, + { + "name": "35603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35603" + }, + { + "name": "55496", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55496" + }, + { + "name": "9024", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9024" + }, + { + "name": "35589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35589" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2959.json b/2009/2xxx/CVE-2009-2959.json index 81ab268702e..96efa55cade 100644 --- a/2009/2xxx/CVE-2009-2959.json +++ b/2009/2xxx/CVE-2009-2959.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Buildbot-devel] 20090812 [SECURITY ALERT] Cross-site scripting vulnerability", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=42338fbf0908121232mb790a6cn787ac3de90e8bc31%40mail.gmail.com" - }, - { - "name" : "http://buildbot.net/trac#SecurityAlert", - "refsource" : "CONFIRM", - "url" : "http://buildbot.net/trac#SecurityAlert" - }, - { - "name" : "FEDORA-2009-8516", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00978.html" - }, - { - "name" : "FEDORA-2009-8577", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00985.html" - }, - { - "name" : "36100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36100" - }, - { - "name" : "36352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36352" - }, - { - "name" : "36418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36418" - }, - { - "name" : "ADV-2009-2352", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-8577", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00985.html" + }, + { + "name": "[Buildbot-devel] 20090812 [SECURITY ALERT] Cross-site scripting vulnerability", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_name=42338fbf0908121232mb790a6cn787ac3de90e8bc31%40mail.gmail.com" + }, + { + "name": "FEDORA-2009-8516", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00978.html" + }, + { + "name": "ADV-2009-2352", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2352" + }, + { + "name": "http://buildbot.net/trac#SecurityAlert", + "refsource": "CONFIRM", + "url": "http://buildbot.net/trac#SecurityAlert" + }, + { + "name": "36352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36352" + }, + { + "name": "36418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36418" + }, + { + "name": "36100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36100" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3564.json b/2009/3xxx/CVE-2009-3564.json index c58472d115a..bae48f92f96 100644 --- a/2009/3xxx/CVE-2009-3564.json +++ b/2009/3xxx/CVE-2009-3564.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.reductivelabs.com/issues/1806", - "refsource" : "MISC", - "url" : "http://projects.reductivelabs.com/issues/1806" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=475201", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=475201" - }, - { - "name" : "https://puppet.com/security/cve/cve-2009-3564", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2009-3564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/cve-2009-3564", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2009-3564" + }, + { + "name": "http://projects.reductivelabs.com/issues/1806", + "refsource": "MISC", + "url": "http://projects.reductivelabs.com/issues/1806" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=475201", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475201" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3666.json b/2009/3xxx/CVE-2009-3666.json index 73abb7b1dd9..6cd3914ff77 100644 --- a/2009/3xxx/CVE-2009-3666.json +++ b/2009/3xxx/CVE-2009-3666.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090909 Nullam Blog Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506380/100/0/threaded" - }, - { - "name" : "9625", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9625" - }, - { - "name" : "57921", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/57921" - }, - { - "name" : "36648", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36648" - }, - { - "name" : "nullam-index-xss(53216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57921", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/57921" + }, + { + "name": "9625", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9625" + }, + { + "name": "nullam-index-xss(53216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53216" + }, + { + "name": "20090909 Nullam Blog Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506380/100/0/threaded" + }, + { + "name": "36648", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36648" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3727.json b/2009/3xxx/CVE-2009-3727.json index 2948bf53380..4d4d438331f 100644 --- a/2009/3xxx/CVE-2009-3727.json +++ b/2009/3xxx/CVE-2009-3727.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2009-008.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2009-008.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=523277", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=523277" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=533137", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=533137" - }, - { - "name" : "DSA-1952", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1952" - }, - { - "name" : "FEDORA-2009-11070", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html" - }, - { - "name" : "FEDORA-2009-11126", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html" - }, - { - "name" : "36924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36924" - }, - { - "name" : "59697", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59697" - }, - { - "name" : "1023133", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023133" - }, - { - "name" : "37265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37265" - }, - { - "name" : "37479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37479" - }, - { - "name" : "37677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37265" + }, + { + "name": "FEDORA-2009-11126", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html" + }, + { + "name": "37479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37479" + }, + { + "name": "37677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37677" + }, + { + "name": "DSA-1952", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1952" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=523277", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=533137", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137" + }, + { + "name": "36924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36924" + }, + { + "name": "FEDORA-2009-11070", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html" + }, + { + "name": "59697", + "refsource": "OSVDB", + "url": "http://osvdb.org/59697" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2009-008.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html" + }, + { + "name": "1023133", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023133" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3981.json b/2009/3xxx/CVE-2009-3981.json index ea51cfea9da..d21452b8696 100644 --- a/2009/3xxx/CVE-2009-3981.json +++ b/2009/3xxx/CVE-2009-3981.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-65.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-65.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=468771", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=468771" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=546713", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=546713" - }, - { - "name" : "DSA-1956", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1956" - }, - { - "name" : "RHSA-2009:1674", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1674.html" - }, - { - "name" : "SUSE-SA:2009:063", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" - }, - { - "name" : "USN-873-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-873-1" - }, - { - "name" : "37349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37349" - }, - { - "name" : "37363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37363" - }, - { - "name" : "oval:org.mitre.oval:def:8523", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8523" - }, - { - "name" : "oval:org.mitre.oval:def:8584", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8584" - }, - { - "name" : "1023333", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023333" - }, - { - "name" : "1023334", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023334" - }, - { - "name" : "37699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37699" - }, - { - "name" : "37704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37704" - }, - { - "name" : "37785", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37785" - }, - { - "name" : "37813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37813" - }, - { - "name" : "37881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37881" - }, - { - "name" : "ADV-2009-3547", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3547" - }, - { - "name" : "firefox-browser-engine-code-exec(54801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37704" + }, + { + "name": "37699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37699" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=468771", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=468771" + }, + { + "name": "ADV-2009-3547", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3547" + }, + { + "name": "37881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37881" + }, + { + "name": "37785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37785" + }, + { + "name": "1023333", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023333" + }, + { + "name": "37813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37813" + }, + { + "name": "USN-873-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-873-1" + }, + { + "name": "37363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37363" + }, + { + "name": "firefox-browser-engine-code-exec(54801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54801" + }, + { + "name": "37349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37349" + }, + { + "name": "RHSA-2009:1674", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1674.html" + }, + { + "name": "oval:org.mitre.oval:def:8584", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8584" + }, + { + "name": "DSA-1956", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1956" + }, + { + "name": "oval:org.mitre.oval:def:8523", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8523" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-65.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-65.html" + }, + { + "name": "1023334", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023334" + }, + { + "name": "SUSE-SA:2009:063", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=546713", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546713" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4391.json b/2009/4xxx/CVE-2009-4391.json index e8965434577..23491798666 100644 --- a/2009/4xxx/CVE-2009-4391.json +++ b/2009/4xxx/CVE-2009-4391.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0116.json b/2015/0xxx/CVE-2015-0116.json index 83b542f804e..23f7c19a454 100644 --- a/2015/0xxx/CVE-2015-0116.json +++ b/2015/0xxx/CVE-2015-0116.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902807", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0554.json b/2015/0xxx/CVE-2015-0554.json index 6f86bf21778..f450d2a9a96 100644 --- a/2015/0xxx/CVE-2015-0554.json +++ b/2015/0xxx/CVE-2015-0554.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35721", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35721" - }, - { - "name" : "http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35721", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35721" + }, + { + "name": "http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0564.json b/2015/0xxx/CVE-2015-0564.json index 4657599d8e4..f9f11936afb 100644 --- a/2015/0xxx/CVE-2015-0564.json +++ b/2015/0xxx/CVE-2015-0564.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2015-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2015-05.html" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d3581aecda62d2a51ea7088fd46975415b03ec57", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d3581aecda62d2a51ea7088fd46975415b03ec57" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0019.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0019.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "DSA-3141", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3141" - }, - { - "name" : "MDVSA-2015:022", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:022" - }, - { - "name" : "RHSA-2015:1460", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1460.html" - }, - { - "name" : "openSUSE-SU-2015:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html" - }, - { - "name" : "71922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71922" - }, - { - "name" : "62612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62612" - }, - { - "name" : "62673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://advisories.mageia.org/MGASA-2015-0019.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0019.html" + }, + { + "name": "62612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62612" + }, + { + "name": "MDVSA-2015:022", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:022" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "RHSA-2015:1460", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1460.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2015-05.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2015-05.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "DSA-3141", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3141" + }, + { + "name": "62673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62673" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d3581aecda62d2a51ea7088fd46975415b03ec57", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d3581aecda62d2a51ea7088fd46975415b03ec57" + }, + { + "name": "71922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71922" + }, + { + "name": "openSUSE-SU-2015:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0740.json b/2015/0xxx/CVE-2015-0740.json index 1a97adf8077..c354b1d725a 100644 --- a/2015/0xxx/CVE-2015-0740.json +++ b/2015/0xxx/CVE-2015-0740.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150519 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38913" - }, - { - "name" : "74732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74732" - }, - { - "name" : "1032367", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150519 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38913" + }, + { + "name": "74732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74732" + }, + { + "name": "1032367", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032367" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0752.json b/2015/0xxx/CVE-2015-0752.json index 11ffbc7d00f..7ffdaad8caf 100644 --- a/2015/0xxx/CVE-2015-0752.json +++ b/2015/0xxx/CVE-2015-0752.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150527 Cisco Telepresence Video Communication Server Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39012" - }, - { - "name" : "1032421", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032421", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032421" + }, + { + "name": "20150527 Cisco Telepresence Video Communication Server Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39012" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1275.json b/2015/1xxx/CVE-2015-1275.json index 079490d8fb0..ad64eadf52a 100644 --- a/2015/1xxx/CVE-2015-1275.json +++ b/2015/1xxx/CVE-2015-1275.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka \"Universal XSS (UXSS).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=462843", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=462843" - }, - { - "name" : "https://codereview.chromium.org/1059413004/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1059413004/" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka \"Universal XSS (UXSS).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.chromium.org/1059413004/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1059413004/" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=462843", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=462843" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1324.json b/2015/1xxx/CVE-2015-1324.json index 77f20451d7c..f9703fe6f94 100644 --- a/2015/1xxx/CVE-2015-1324.json +++ b/2015/1xxx/CVE-2015-1324.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239" - }, - { - "name" : "USN-2609-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2609-1" - }, - { - "name" : "74767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2609-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2609-1" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239" + }, + { + "name": "74767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74767" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1950.json b/2015/1xxx/CVE-2015-1950.json index 7d5994e65be..982c4284a1c 100644 --- a/2015/1xxx/CVE-2015-1950.json +++ b/2015/1xxx/CVE-2015-1950.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740" - }, - { - "name" : "IT08926", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926" - }, - { - "name" : "75102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740" + }, + { + "name": "75102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75102" + }, + { + "name": "IT08926", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4190.json b/2015/4xxx/CVE-2015-4190.json index 9f97bd552cf..3974cf86ed5 100644 --- a/2015/4xxx/CVE-2015-4190.json +++ b/2015/4xxx/CVE-2015-4190.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150616 Cisco Cloud Portal Appliance Pregenerated Default Host Keys Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39380" - }, - { - "name" : "75271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75271" - }, - { - "name" : "1032593", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032593" - }, - { - "name" : "1032594", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75271" + }, + { + "name": "1032593", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032593" + }, + { + "name": "20150616 Cisco Cloud Portal Appliance Pregenerated Default Host Keys Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39380" + }, + { + "name": "1032594", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032594" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4747.json b/2015/4xxx/CVE-2015-4747.json index 5034d354423..017a87dfe74 100644 --- a/2015/4xxx/CVE-2015-4747.json +++ b/2015/4xxx/CVE-2015-4747.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CEP system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CEP system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4924.json b/2015/4xxx/CVE-2015-4924.json index 8a4ce739d99..1a0d93d0d85 100644 --- a/2015/4xxx/CVE-2015-4924.json +++ b/2015/4xxx/CVE-2015-4924.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect integrity via vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034727", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect integrity via vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034727", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034727" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5246.json b/2015/5xxx/CVE-2015-5246.json index 1624fa74dc7..0c988d365c1 100644 --- a/2015/5xxx/CVE-2015-5246.json +++ b/2015/5xxx/CVE-2015-5246.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.theforeman.org/issues/11471", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/11471" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1258700", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1258700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://projects.theforeman.org/issues/11471", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/11471" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5364.json b/2015/5xxx/CVE-2015-5364.json index bfe8903b6a3..d287aa589c4 100644 --- a/2015/5xxx/CVE-2015-5364.json +++ b/2015/5xxx/CVE-2015-5364.json @@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-5364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150630 CVE Request: UDP checksum DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/30/13" - }, - { - "name" : "https://twitter.com/grsecurity/status/605854034260426753", - "refsource" : "MISC", - "url" : "https://twitter.com/grsecurity/status/605854034260426753" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1239029", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1239029" - }, - { - "name" : "https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" - }, - { - "name" : "DSA-3329", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3329" - }, - { - "name" : "DSA-3313", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3313" - }, - { - "name" : "RHSA-2016:1225", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1225" - }, - { - "name" : "RHSA-2016:1096", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1096.html" - }, - { - "name" : "RHSA-2016:1100", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1100.html" - }, - { - "name" : "RHSA-2016:0045", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0045.html" - }, - { - "name" : "RHSA-2015:1778", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1778.html" - }, - { - "name" : "RHSA-2015:1787", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1787.html" - }, - { - "name" : "RHSA-2015:1623", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1623.html" - }, - { - "name" : "SUSE-SU-2015:1478", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1611", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:1224", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" - }, - { - "name" : "SUSE-SU-2015:1324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" - }, - { - "name" : "SUSE-SU-2015:1490", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" - }, - { - "name" : "SUSE-SU-2015:1487", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:1488", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html" - }, - { - "name" : "SUSE-SU-2015:1489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html" - }, - { - "name" : "SUSE-SU-2015:1491", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html" - }, - { - "name" : "USN-2680-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2680-1" - }, - { - "name" : "USN-2681-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2681-1" - }, - { - "name" : "USN-2682-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2682-1" - }, - { - "name" : "USN-2683-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2683-1" - }, - { - "name" : "USN-2684-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2684-1" - }, - { - "name" : "USN-2713-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2713-1" - }, - { - "name" : "USN-2714-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2714-1" - }, - { - "name" : "75510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75510" - }, - { - "name" : "1032794", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1491", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html" + }, + { + "name": "SUSE-SU-2015:1489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0" + }, + { + "name": "USN-2713-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2713-1" + }, + { + "name": "SUSE-SU-2015:1488", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html" + }, + { + "name": "USN-2680-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2680-1" + }, + { + "name": "USN-2682-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2682-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "SUSE-SU-2015:1611", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" + }, + { + "name": "RHSA-2015:1778", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1778.html" + }, + { + "name": "USN-2714-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2714-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6" + }, + { + "name": "RHSA-2016:1096", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1096.html" + }, + { + "name": "https://twitter.com/grsecurity/status/605854034260426753", + "refsource": "MISC", + "url": "https://twitter.com/grsecurity/status/605854034260426753" + }, + { + "name": "SUSE-SU-2015:1324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" + }, + { + "name": "DSA-3329", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3329" + }, + { + "name": "[oss-security] 20150630 CVE Request: UDP checksum DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/30/13" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1239029", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1239029" + }, + { + "name": "RHSA-2015:1787", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1787.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "1032794", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032794" + }, + { + "name": "openSUSE-SU-2015:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" + }, + { + "name": "USN-2684-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2684-1" + }, + { + "name": "DSA-3313", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3313" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" + }, + { + "name": "USN-2681-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2681-1" + }, + { + "name": "RHSA-2016:0045", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0045.html" + }, + { + "name": "SUSE-SU-2015:1478", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html" + }, + { + "name": "USN-2683-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2683-1" + }, + { + "name": "SUSE-SU-2015:1490", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html" + }, + { + "name": "75510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75510" + }, + { + "name": "RHSA-2016:1225", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1225" + }, + { + "name": "RHSA-2016:1100", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1100.html" + }, + { + "name": "RHSA-2015:1623", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1623.html" + }, + { + "name": "SUSE-SU-2015:1224", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" + }, + { + "name": "SUSE-SU-2015:1487", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html" + }, + { + "name": "SUSE-SU-2015:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9180.json b/2015/9xxx/CVE-2015-9180.json index 0ea06469ba3..13edd879013 100644 --- a/2015/9xxx/CVE-2015-9180.json +++ b/2015/9xxx/CVE-2015-9180.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Core." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Core." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2108.json b/2018/2xxx/CVE-2018-2108.json index da911b5485f..fc1b488aaa1 100644 --- a/2018/2xxx/CVE-2018-2108.json +++ b/2018/2xxx/CVE-2018-2108.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2108", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2108", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3221.json b/2018/3xxx/CVE-2018-3221.json index 0fd4211478a..1200988ca36 100644 --- a/2018/3xxx/CVE-2018-3221.json +++ b/2018/3xxx/CVE-2018-3221.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105603" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3509.json b/2018/3xxx/CVE-2018-3509.json index c0551f9a4d1..c7467b2ae2b 100644 --- a/2018/3xxx/CVE-2018-3509.json +++ b/2018/3xxx/CVE-2018-3509.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3509", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3509", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3518.json b/2018/3xxx/CVE-2018-3518.json index 00e859544f7..bafdf2c56d8 100644 --- a/2018/3xxx/CVE-2018-3518.json +++ b/2018/3xxx/CVE-2018-3518.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3518", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3518", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3598.json b/2018/3xxx/CVE-2018-3598.json index 2cfa7ae7bb1..465f3a966cd 100644 --- a/2018/3xxx/CVE-2018-3598.json +++ b/2018/3xxx/CVE-2018-3598.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-3598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-3598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6085.json b/2018/6xxx/CVE-2018-6085.json index 540a1e60cd5..0901b8c3f75 100644 --- a/2018/6xxx/CVE-2018-6085.json +++ b/2018/6xxx/CVE-2018-6085.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Object corruption" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/826626", - "refsource" : "MISC", - "url" : "https://crbug.com/826626" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "RHSA-2018:1195", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1195" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Object corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "https://crbug.com/826626", + "refsource": "MISC", + "url": "https://crbug.com/826626" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + }, + { + "name": "RHSA-2018:1195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1195" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6163.json b/2018/6xxx/CVE-2018-6163.json index c8d9fcc1c36..f2e163b64de 100644 --- a/2018/6xxx/CVE-2018-6163.json +++ b/2018/6xxx/CVE-2018-6163.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "68.0.3440.75" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "68.0.3440.75" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/849398", - "refsource" : "MISC", - "url" : "https://crbug.com/849398" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4256", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4256" - }, - { - "name" : "GLSA-201808-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-01" - }, - { - "name" : "RHSA-2018:2282", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2282" - }, - { - "name" : "104887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:2282", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2282" + }, + { + "name": "GLSA-201808-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-01" + }, + { + "name": "DSA-4256", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4256" + }, + { + "name": "https://crbug.com/849398", + "refsource": "MISC", + "url": "https://crbug.com/849398" + }, + { + "name": "104887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104887" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6960.json b/2018/6xxx/CVE-2018-6960.json index 5a0fd865776..29fa8904dc8 100644 --- a/2018/6xxx/CVE-2018-6960.json +++ b/2018/6xxx/CVE-2018-6960.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-04-20T00:00:00", - "ID" : "CVE-2018-6960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Horizon DaaS", - "version" : { - "version_data" : [ - { - "version_value" : "7.x before 8.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Broken authentication vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-04-20T00:00:00", + "ID": "CVE-2018-6960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Horizon DaaS", + "version": { + "version_data": [ + { + "version_value": "7.x before 8.0.0" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2018-0010.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0010.html" - }, - { - "name" : "103938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103938" - }, - { - "name" : "1040731", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Broken authentication vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103938" + }, + { + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0010.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0010.html" + }, + { + "name": "1040731", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040731" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6980.json b/2018/6xxx/CVE-2018-6980.json index 47dafff990d..3be493f20b5 100644 --- a/2018/6xxx/CVE-2018-6980.json +++ b/2018/6xxx/CVE-2018-6980.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2018-6980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VMware vRealize Log Insight", - "version" : { - "version_data" : [ - { - "version_value" : "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authorization bypass vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2018-6980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VMware vRealize Log Insight", + "version": { + "version_data": [ + { + "version_value": "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2018-0028.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0028.html" - }, - { - "name" : "105925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html" + }, + { + "name": "105925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105925" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7053.json b/2018/7xxx/CVE-2018-7053.json index df7b6f1a1f3..7af8762665c 100644 --- a/2018/7xxx/CVE-2018-7053.json +++ b/2018/7xxx/CVE-2018-7053.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2018/02/15/1", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2018/02/15/1" - }, - { - "name" : "https://irssi.org/security/irssi_sa_2018_02.txt", - "refsource" : "CONFIRM", - "url" : "https://irssi.org/security/irssi_sa_2018_02.txt" - }, - { - "name" : "DSA-4162", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4162" - }, - { - "name" : "USN-3590-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3590-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4162", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4162" + }, + { + "name": "https://irssi.org/security/irssi_sa_2018_02.txt", + "refsource": "CONFIRM", + "url": "https://irssi.org/security/irssi_sa_2018_02.txt" + }, + { + "name": "http://openwall.com/lists/oss-security/2018/02/15/1", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2018/02/15/1" + }, + { + "name": "USN-3590-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3590-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7358.json b/2018/7xxx/CVE-2018-7358.json index 442631a581b..2e03d2ddc84 100644 --- a/2018/7xxx/CVE-2018-7358.json +++ b/2018/7xxx/CVE-2018-7358.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@zte.com.cn", - "ID" : "CVE-2018-7358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ZXHN H168N", - "version" : { - "version_data" : [ - { - "version_value" : "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T" - } - ] - } - } - ] - }, - "vendor_name" : "ZTE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authorization\n" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@zte.com.cn", + "ID": "CVE-2018-7358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ZXHN H168N", + "version": { + "version_data": [ + { + "version_value": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T" + } + ] + } + } + ] + }, + "vendor_name": "ZTE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45972", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45972/" - }, - { - "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523", - "refsource" : "CONFIRM", - "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523" - }, - { - "name" : "105963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105963" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization\n" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105963" + }, + { + "name": "45972", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45972/" + }, + { + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523", + "refsource": "CONFIRM", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7630.json b/2018/7xxx/CVE-2018-7630.json index 82145c4d3e2..670f8efe1e6 100644 --- a/2018/7xxx/CVE-2018-7630.json +++ b/2018/7xxx/CVE-2018-7630.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7630", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7630", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7691.json b/2018/7xxx/CVE-2018-7691.json index 7cce166f0a8..39406bf1708 100644 --- a/2018/7xxx/CVE-2018-7691.json +++ b/2018/7xxx/CVE-2018-7691.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2018-12-12T15:30:00.000Z", - "ID" : "CVE-2018-7691", - "STATE" : "PUBLIC", - "TITLE" : "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortify Software Security Center (SSC)", - "version" : { - "version_data" : [ - { - "version_value" : "17.10, 17.20, 18.10" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access" - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Remote Unauthorized Access" - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Unauthorized Access" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-12-12T15:30:00.000Z", + "ID": "CVE-2018-7691", + "STATE": "PUBLIC", + "TITLE": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortify Software Security Center (SSC)", + "version": { + "version_data": [ + { + "version_value": "17.10, 17.20, 18.10" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45990", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45990/" - }, - { - "name" : "https://softwaresupport.softwaregrp.com/doc/KM03298201", - "refsource" : "MISC", - "url" : "https://softwaresupport.softwaregrp.com/doc/KM03298201" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Remote Unauthorized Access" + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Unauthorized Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45990", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45990/" + }, + { + "name": "https://softwaresupport.softwaregrp.com/doc/KM03298201", + "refsource": "MISC", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03298201" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7785.json b/2018/7xxx/CVE-2018-7785.json index 867ddd04b27..1236025e019 100644 --- a/2018/7xxx/CVE-2018-7785.json +++ b/2018/7xxx/CVE-2018-7785.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-05-31T00:00:00", - "ID" : "CVE-2018-7785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "U.motion Builder", - "version" : { - "version_data" : [ - { - "version_value" : "U.motion Builder, all versions prior to 1.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-05-31T00:00:00", + "ID": "CVE-2018-7785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "U.motion Builder", + "version": { + "version_data": [ + { + "version_value": "U.motion Builder, all versions prior to 1.3.4" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/" - }, - { - "name" : "104447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/" + }, + { + "name": "104447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104447" + } + ] + } +} \ No newline at end of file