diff --git a/1999/0xxx/CVE-1999-0757.json b/1999/0xxx/CVE-1999-0757.json index 142686fef5d..e6b7ec49997 100644 --- a/1999/0xxx/CVE-1999-0757.json +++ b/1999/0xxx/CVE-1999-0757.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ASB99-08", - "refsource" : "ALLAIRE", - "url" : "http://www.allaire.com/handlers/index.cfm?ID=10969&Method=Full" - }, - { - "name" : "coldfusion-encryption(2208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ASB99-08", + "refsource": "ALLAIRE", + "url": "http://www.allaire.com/handlers/index.cfm?ID=10969&Method=Full" + }, + { + "name": "coldfusion-encryption(2208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1158.json b/1999/1xxx/CVE-1999-1158.json index 673419911de..42474308a30 100644 --- a/1999/1xxx/CVE-1999-1158.json +++ b/1999/1xxx/CVE-1999-1158.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "AA-97.09", - "refsource" : "AUSCERT", - "url" : "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.09.Solaris.passwd.buffer.overrun.vul" - }, - { - "name" : "00139", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/139&type=0&nav=sec.sba" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "AA-97.09", + "refsource": "AUSCERT", + "url": "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.09.Solaris.passwd.buffer.overrun.vul" + }, + { + "name": "00139", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/139&type=0&nav=sec.sba" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1345.json b/1999/1xxx/CVE-1999-1345.json index 47f3afa43fe..9145ee85ae4 100644 --- a/1999/1xxx/CVE-1999-1345.json +++ b/1999/1xxx/CVE-1999-1345.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991005 Auto_FTP v0.02 Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93923873006014&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991005 Auto_FTP v0.02 Advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93923873006014&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1362.json b/1999/1xxx/CVE-1999-1362.json index 791b4533fa2..955ffa455ad 100644 --- a/1999/1xxx/CVE-1999-1362.json +++ b/1999/1xxx/CVE-1999-1362.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "Q160601", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/support/kb/articles/q160/6/01.asp" - }, - { - "name" : "nt-win32k-dos(7403)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7403.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nt-win32k-dos(7403)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7403.php" + }, + { + "name": "Q160601", + "refsource": "MSKB", + "url": "http://support.microsoft.com/support/kb/articles/q160/6/01.asp" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1376.json b/1999/1xxx/CVE-1999-1376.json index 0696d6c06e8..9a9b1feacad 100644 --- a/1999/1xxx/CVE-1999-1376.json +++ b/1999/1xxx/CVE-1999-1376.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990114 MS IIS 4.0 Security Advisory", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=91632724913080&w=2" - }, - { - "name" : "19990114 MS IIS 4.0 Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91638375309890&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990114 MS IIS 4.0 Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91638375309890&w=2" + }, + { + "name": "19990114 MS IIS 4.0 Security Advisory", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=91632724913080&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0057.json b/2000/0xxx/CVE-2000-0057.json index 1cb01aaf852..6e7ca31ec07 100644 --- a/2000/0xxx/CVE-2000-0057.json +++ b/2000/0xxx/CVE-2000-0057.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ASB00-03", - "refsource" : "ALLAIRE", - "url" : "http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full" - }, - { - "name" : "917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ASB00-03", + "refsource": "ALLAIRE", + "url": "http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full" + }, + { + "name": "917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/917" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0121.json b/2000/0xxx/CVE-2000-0121.json index a922553dca8..7e79e76940f 100644 --- a/2000/0xxx/CVE-2000-0121.json +++ b/2000/0xxx/CVE-2000-0121.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the \"Recycle Bin Creation\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-007", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-007" - }, - { - "name" : "Q248399", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399" - }, - { - "name" : "963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the \"Recycle Bin Creation\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q248399", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399" + }, + { + "name": "MS00-007", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-007" + }, + { + "name": "963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/963" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0235.json b/2000/0xxx/CVE-2000-0235.json index 94ff2e9b48b..61a5bd571d1 100644 --- a/2000/0xxx/CVE-2000-0235.json +++ b/2000/0xxx/CVE-2000-0235.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-00:10", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc" - }, - { - "name" : "1070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1070" - }, - { - "name" : "1263", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-00:10", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc" + }, + { + "name": "1070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1070" + }, + { + "name": "1263", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1263" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0270.json b/2000/0xxx/CVE-2000-0270.json index ba57f96629d..c31edebdc8e 100644 --- a/2000/0xxx/CVE-2000-0270.json +++ b/2000/0xxx/CVE-2000-0270.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de" - }, - { - "name" : "1126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1126" + }, + { + "name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0308.json b/2000/0xxx/CVE-2000-0308.json index 57b2fa969c8..74d8994ff00 100644 --- a/2000/0xxx/CVE-2000-0308.json +++ b/2000/0xxx/CVE-2000-0308.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SB-99.08", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SB-99.08", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0383.json b/2000/0xxx/CVE-2000-0383.json index 33533848955..a8e565ce445 100644 --- a/2000/0xxx/CVE-2000-0383.json +++ b/2000/0xxx/CVE-2000-0383.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000507 AOL Instant Messenger", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=002401bfb918$7310d5a0$1ef084ce@karemor.com" - }, - { - "name" : "1180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1180" + }, + { + "name": "20000507 AOL Instant Messenger", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=002401bfb918$7310d5a0$1ef084ce@karemor.com" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0756.json b/2000/0xxx/CVE-2000-0756.json index 4ffa05b09f8..9064f5d0f57 100644 --- a/2000/0xxx/CVE-2000-0756.json +++ b/2000/0xxx/CVE-2000-0756.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000831 vCard DoS on Outlook 2000", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Springmail.105.967737080.0.16997300@www.springmail.com" - }, - { - "name" : "1633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1633" + }, + { + "name": "20000831 vCard DoS on Outlook 2000", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Springmail.105.967737080.0.16997300@www.springmail.com" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1054.json b/2000/1xxx/CVE-2000-1054.json index 7ec0202bba6..ff747e1c791 100644 --- a/2000/1xxx/CVE-2000-1054.json +++ b/2000/1xxx/CVE-2000-1054.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml" - }, - { - "name" : "1705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1705" - }, - { - "name" : "ciscosecure-csadmin-bo(5272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml" + }, + { + "name": "1705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1705" + }, + { + "name": "ciscosecure-csadmin-bo(5272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5272" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2077.json b/2005/2xxx/CVE-2005-2077.json index feba75d92b1..c5f673babd8 100644 --- a/2005/2xxx/CVE-2005-2077.json +++ b/2005/2xxx/CVE-2005-2077.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050628 Cross-Site Scripting (CSS) in Hosting Controller All Version and hot fix it hehe ;)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111997456519685&w=2" - }, - { - "name" : "20051215 Bug in HC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419597/100/0/threaded" - }, - { - "name" : "14080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14080" - }, - { - "name" : "1016456", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016456", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016456" + }, + { + "name": "20051215 Bug in HC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419597/100/0/threaded" + }, + { + "name": "20050628 Cross-Site Scripting (CSS) in Hosting Controller All Version and hot fix it hehe ;)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111997456519685&w=2" + }, + { + "name": "14080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14080" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2144.json b/2005/2xxx/CVE-2005-2144.json index 29ea3949a39..a9f796c751d 100644 --- a/2005/2xxx/CVE-2005-2144.json +++ b/2005/2xxx/CVE-2005-2144.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1014346", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014346" - }, - { - "name" : "15885", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15885", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15885" + }, + { + "name": "1014346", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014346" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2877.json b/2005/2xxx/CVE-2005-2877.json index a96efd8f857..fa867f1e3cd 100644 --- a/2005/2xxx/CVE-2005-2877.json +++ b/2005/2xxx/CVE-2005-2877.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050914 TWiki Remote Command Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112680475417550&w=2" - }, - { - "name" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev", - "refsource" : "CONFIRM", - "url" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev" - }, - { - "name" : "VU#757181", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/757181" - }, - { - "name" : "14834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev", + "refsource": "CONFIRM", + "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev" + }, + { + "name": "20050914 TWiki Remote Command Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112680475417550&w=2" + }, + { + "name": "VU#757181", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/757181" + }, + { + "name": "14834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14834" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3417.json b/2005/3xxx/CVE-2005-3417.json index bb3d0ea5ee7..59476bbe826 100644 --- a/2005/3xxx/CVE-2005-3417.json +++ b/2005/3xxx/CVE-2005-3417.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113081113317600&w=2" - }, - { - "name" : "http://www.hardened-php.net/advisory_172005.75.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_172005.75.html" - }, - { - "name" : "DSA-925", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-925" - }, - { - "name" : "15243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15243" - }, - { - "name" : "20414", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20414" - }, - { - "name" : "1015121", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015121" - }, - { - "name" : "17366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17366" - }, - { - "name" : "18098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18098" - }, - { - "name" : "130", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20414", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20414" + }, + { + "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113081113317600&w=2" + }, + { + "name": "DSA-925", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-925" + }, + { + "name": "17366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17366" + }, + { + "name": "130", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/130" + }, + { + "name": "18098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18098" + }, + { + "name": "http://www.hardened-php.net/advisory_172005.75.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_172005.75.html" + }, + { + "name": "1015121", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015121" + }, + { + "name": "15243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15243" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3965.json b/2005/3xxx/CVE-2005-3965.json index db1824eec4a..d3e1a9eeec8 100644 --- a/2005/3xxx/CVE-2005-3965.json +++ b/2005/3xxx/CVE-2005-3965.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3965", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2607. Reason: This candidate is a duplicate of CVE-2004-2607. Notes: All CVE users should reference CVE-2004-2607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-3965", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2607. Reason: This candidate is a duplicate of CVE-2004-2607. Notes: All CVE users should reference CVE-2004-2607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5096.json b/2007/5xxx/CVE-2007-5096.json index e495cfcf1e5..c123743a3a7 100644 --- a/2007/5xxx/CVE-2007-5096.json +++ b/2007/5xxx/CVE-2007-5096.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/", - "refsource" : "MISC", - "url" : "http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/" - }, - { - "name" : "38575", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/", + "refsource": "MISC", + "url": "http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/" + }, + { + "name": "38575", + "refsource": "OSVDB", + "url": "http://osvdb.org/38575" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5156.json b/2007/5xxx/CVE-2007-5156.json index 293fa3ba365..ab5ea0f64e0 100644 --- a/2007/5xxx/CVE-2007-5156.json +++ b/2007/5xxx/CVE-2007-5156.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains \".php.\" and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070927 [waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/480830/100/0/threaded" - }, - { - "name" : "5618", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5618" - }, - { - "name" : "5688", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5688" - }, - { - "name" : "http://www.waraxe.us/advisory-57.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-57.html" - }, - { - "name" : "http://dev.fckeditor.net/changeset/973", - "refsource" : "MISC", - "url" : "http://dev.fckeditor.net/changeset/973" - }, - { - "name" : "http://dev.fckeditor.net/ticket/1325", - "refsource" : "MISC", - "url" : "http://dev.fckeditor.net/ticket/1325" - }, - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=743930", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=743930" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=546000", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=546000" - }, - { - "name" : "29422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29422" - }, - { - "name" : "30677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30677" - }, - { - "name" : "ADV-2007-3464", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3464" - }, - { - "name" : "ADV-2007-3465", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3465" - }, - { - "name" : "27123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27123" - }, - { - "name" : "27174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27174" - }, - { - "name" : "3182", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3182" - }, - { - "name" : "lanai-upload-file-upload(42425)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42425" - }, - { - "name" : "syntaxcms-upload-file-upload(42733)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42733" - }, - { - "name" : "cardinal-upload-file-upload(44455)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains \".php.\" and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30677" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=743930", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=743930" + }, + { + "name": "http://dev.fckeditor.net/ticket/1325", + "refsource": "MISC", + "url": "http://dev.fckeditor.net/ticket/1325" + }, + { + "name": "5688", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5688" + }, + { + "name": "http://www.waraxe.us/advisory-57.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-57.html" + }, + { + "name": "29422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29422" + }, + { + "name": "syntaxcms-upload-file-upload(42733)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42733" + }, + { + "name": "5618", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5618" + }, + { + "name": "cardinal-upload-file-upload(44455)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44455" + }, + { + "name": "lanai-upload-file-upload(42425)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42425" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=546000", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=546000" + }, + { + "name": "27123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27123" + }, + { + "name": "3182", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3182" + }, + { + "name": "http://dev.fckeditor.net/changeset/973", + "refsource": "MISC", + "url": "http://dev.fckeditor.net/changeset/973" + }, + { + "name": "20070927 [waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/480830/100/0/threaded" + }, + { + "name": "27174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27174" + }, + { + "name": "ADV-2007-3464", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3464" + }, + { + "name": "ADV-2007-3465", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3465" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5351.json b/2007/5xxx/CVE-2007-5351.json index 95840c7f72e..3af6c776d48 100644 --- a/2007/5xxx/CVE-2007-5351.json +++ b/2007/5xxx/CVE-2007-5351.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka \"SMBv2 Signing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-5351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02299", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/485268/100/0/threaded" - }, - { - "name" : "SSRT071506", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/485268/100/0/threaded" - }, - { - "name" : "MS07-063", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-063" - }, - { - "name" : "TA07-345A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" - }, - { - "name" : "VU#520465", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/520465" - }, - { - "name" : "26777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26777" - }, - { - "name" : "ADV-2007-4179", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4179" - }, - { - "name" : "oval:org.mitre.oval:def:4208", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4208" - }, - { - "name" : "1019072", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019072" - }, - { - "name" : "27997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27997" - }, - { - "name" : "win-vista-smbv2-code-execution(38725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka \"SMBv2 Signing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-4179", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4179" + }, + { + "name": "SSRT071506", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" + }, + { + "name": "win-vista-smbv2-code-execution(38725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38725" + }, + { + "name": "MS07-063", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-063" + }, + { + "name": "1019072", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019072" + }, + { + "name": "oval:org.mitre.oval:def:4208", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4208" + }, + { + "name": "26777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26777" + }, + { + "name": "HPSBST02299", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" + }, + { + "name": "VU#520465", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/520465" + }, + { + "name": "TA07-345A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" + }, + { + "name": "27997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27997" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5866.json b/2007/5xxx/CVE-2007-5866.json index 61d7fe5c6f6..a137c8d95c2 100644 --- a/2007/5xxx/CVE-2007-5866.json +++ b/2007/5xxx/CVE-2007-5866.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5866", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5866", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5943.json b/2007/5xxx/CVE-2007-5943.json index eaf83710d2a..458a6c3346b 100644 --- a/2007/5xxx/CVE-2007-5943.json +++ b/2007/5xxx/CVE-2007-5943.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the \"show results as messages\" option, then searching for possible keywords contained in that message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071108 Simple Machine Forum - Private section/posts/info disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483437/100/0/threaded" - }, - { - "name" : "26508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the \"show results as messages\" option, then searching for possible keywords contained in that message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26508" + }, + { + "name": "20071108 Simple Machine Forum - Private section/posts/info disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2449.json b/2009/2xxx/CVE-2009-2449.json index d7528d5663e..d5953e03dba 100644 --- a/2009/2xxx/CVE-2009-2449.json +++ b/2009/2xxx/CVE-2009-2449.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/apps/mantisbt/adbnewssender/view.php?id=22", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/apps/mantisbt/adbnewssender/view.php?id=22" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=694644", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=694644" - }, - { - "name" : "35596", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35596" - }, - { - "name" : "35845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=694644", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=694644" + }, + { + "name": "http://sourceforge.net/apps/mantisbt/adbnewssender/view.php?id=22", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/apps/mantisbt/adbnewssender/view.php?id=22" + }, + { + "name": "35596", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35596" + }, + { + "name": "35845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35845" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2470.json b/2009/2xxx/CVE-2009-2470.json index ad837cb4eb0..cc4d2165019 100644 --- a/2009/2xxx/CVE-2009-2470.json +++ b/2009/2xxx/CVE-2009-2470.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-38.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-38.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=459524", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=459524" - }, - { - "name" : "FEDORA-2009-8279", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html" - }, - { - "name" : "FEDORA-2009-8288", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html" - }, - { - "name" : "RHSA-2010:0153", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html" - }, - { - "name" : "RHSA-2010:0154", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html" - }, - { - "name" : "266148", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1" - }, - { - "name" : "35925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35925" - }, - { - "name" : "oval:org.mitre.oval:def:10197", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10197" - }, - { - "name" : "1022665", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022665" - }, - { - "name" : "36126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36126" - }, - { - "name" : "ADV-2009-2142", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2142" - }, - { - "name" : "ADV-2010-0650", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0650" - }, - { - "name" : "firefox-socks5-dos(52252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2142", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2142" + }, + { + "name": "RHSA-2010:0153", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=459524", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=459524" + }, + { + "name": "1022665", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022665" + }, + { + "name": "266148", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1" + }, + { + "name": "ADV-2010-0650", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0650" + }, + { + "name": "firefox-socks5-dos(52252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52252" + }, + { + "name": "35925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35925" + }, + { + "name": "FEDORA-2009-8288", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html" + }, + { + "name": "RHSA-2010:0154", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html" + }, + { + "name": "36126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36126" + }, + { + "name": "FEDORA-2009-8279", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html" + }, + { + "name": "oval:org.mitre.oval:def:10197", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10197" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-38.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-38.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2589.json b/2009/2xxx/CVE-2009-2589.json index daa4bd0729f..6d1b19aabf4 100644 --- a/2009/2xxx/CVE-2009-2589.json +++ b/2009/2xxx/CVE-2009-2589.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt" - }, - { - "name" : "56170", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56170" - }, - { - "name" : "56171", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56171" - }, - { - "name" : "56172", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56172" - }, - { - "name" : "35893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35893" - }, - { - "name" : "ADV-2009-1978", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1978" - }, - { - "name" : "hutscripts-msg-xss(51912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56170", + "refsource": "OSVDB", + "url": "http://osvdb.org/56170" + }, + { + "name": "ADV-2009-1978", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1978" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt" + }, + { + "name": "56171", + "refsource": "OSVDB", + "url": "http://osvdb.org/56171" + }, + { + "name": "hutscripts-msg-xss(51912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51912" + }, + { + "name": "56172", + "refsource": "OSVDB", + "url": "http://osvdb.org/56172" + }, + { + "name": "35893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35893" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2805.json b/2009/2xxx/CVE-2009-2805.json index a648f60b05d..2ea7183fcd3 100644 --- a/2009/2xxx/CVE-2009-2805.json +++ b/2009/2xxx/CVE-2009-2805.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "36358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36358" - }, - { - "name" : "57950", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57950" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "macosx-jbig2-bo(53167)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57950", + "refsource": "OSVDB", + "url": "http://osvdb.org/57950" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "36358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36358" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "macosx-jbig2-bo(53167)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53167" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3827.json b/2009/3xxx/CVE-2009-3827.json index 67a61a3711e..96a081789fe 100644 --- a/2009/3xxx/CVE-2009-3827.json +++ b/2009/3xxx/CVE-2009-3827.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3827", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3827", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0129.json b/2015/0xxx/CVE-2015-0129.json index ebe68ca5cd8..8da7d489d79 100644 --- a/2015/0xxx/CVE-2015-0129.json +++ b/2015/0xxx/CVE-2015-0129.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696856", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696856" - }, - { - "name" : "1031886", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696856", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696856" + }, + { + "name": "1031886", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031886" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0299.json b/2015/0xxx/CVE-2015-0299.json index 832fcc5ecbd..1d31a7f3418 100644 --- a/2015/0xxx/CVE-2015-0299.json +++ b/2015/0xxx/CVE-2015-0299.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/133737/Open-Source-Point-Of-Sale-2.3.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133737/Open-Source-Point-Of-Sale-2.3.1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133737/Open-Source-Point-Of-Sale-2.3.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133737/Open-Source-Point-Of-Sale-2.3.1-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0402.json b/2015/0xxx/CVE-2015-0402.json index b35844c897d..fb4f8a01cdb 100644 --- a/2015/0xxx/CVE-2015-0402.json +++ b/2015/0xxx/CVE-2015-0402.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72187", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72187" - }, - { - "name" : "1031578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031578" - }, - { - "name" : "oracle-cpujan2015-cve20150402(100121)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-cpujan2015-cve20150402(100121)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100121" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "72187", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72187" + }, + { + "name": "1031578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031578" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0813.json b/2015/0xxx/CVE-2015-0813.json index 08b8f9eca51..6b29c545c7f 100644 --- a/2015/0xxx/CVE-2015-0813.json +++ b/2015/0xxx/CVE-2015-0813.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-31.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-31.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1106596", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1106596" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3211", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3211" - }, - { - "name" : "DSA-3212", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3212" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:0766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0766.html" - }, - { - "name" : "RHSA-2015:0771", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0771.html" - }, - { - "name" : "SUSE-SU-2015:0704", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:0677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "openSUSE-SU-2015:0892", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" - }, - { - "name" : "USN-2550-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2550-1" - }, - { - "name" : "USN-2552-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2552-1" - }, - { - "name" : "73463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73463" - }, - { - "name" : "1031996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031996" - }, - { - "name" : "1032000", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73463" + }, + { + "name": "1031996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031996" + }, + { + "name": "openSUSE-SU-2015:0892", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "DSA-3212", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3212" + }, + { + "name": "SUSE-SU-2015:0704", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" + }, + { + "name": "USN-2552-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2552-1" + }, + { + "name": "RHSA-2015:0766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0766.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-31.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-31.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "USN-2550-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2550-1" + }, + { + "name": "1032000", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032000" + }, + { + "name": "openSUSE-SU-2015:0677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" + }, + { + "name": "RHSA-2015:0771", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0771.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1106596", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1106596" + }, + { + "name": "DSA-3211", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3211" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3933.json b/2015/3xxx/CVE-2015-3933.json index e9d009dde70..a862c223e6a 100644 --- a/2015/3xxx/CVE-2015-3933.json +++ b/2015/3xxx/CVE-2015-3933.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37363", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37363/" - }, - { - "name" : "https://github.com/semplon/GeniXCMS/releases/tag/v0.0.3-patch", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/releases/tag/v0.0.3-patch" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37363", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37363/" + }, + { + "name": "https://github.com/semplon/GeniXCMS/releases/tag/v0.0.3-patch", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/releases/tag/v0.0.3-patch" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4180.json b/2015/4xxx/CVE-2015-4180.json index c6b3e5ff826..27f91fd13ca 100644 --- a/2015/4xxx/CVE-2015-4180.json +++ b/2015/4xxx/CVE-2015-4180.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150604 Re: CVE requests / Advisory: phpMyBackupPro", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/04/10" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150604 Re: CVE requests / Advisory: phpMyBackupPro", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/04/10" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4251.json b/2015/4xxx/CVE-2015-4251.json index c8625e9f174..980904bf538 100644 --- a/2015/4xxx/CVE-2015-4251.json +++ b/2015/4xxx/CVE-2015-4251.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4251", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4251", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4615.json b/2015/4xxx/CVE-2015-4615.json index 6f1220a5411..247cece01e1 100644 --- a/2015/4xxx/CVE-2015-4615.json +++ b/2015/4xxx/CVE-2015-4615.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "DATE_ASSIGNED" : "2015-06-08", - "ID" : "CVE-2015-4615", - "REQUESTER" : "cve-assign@mitre.org", - "STATE" : "PUBLIC", - "UPDATED" : "2019-02-13T10:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Easy2map-photos WordPress Plugin", - "version" : { - "version_data" : [ - { - "version_affected" : "1.09", - "version_value" : "1.09" - } - ] - } - } - ] - }, - "vendor_name" : "Steven Ellis" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection in easy2map-photos wordpress plugin v1.09" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2015-06-08", + "ID": "CVE-2015-4615", + "REQUESTER": "cve-assign@mitre.org", + "STATE": "PUBLIC", + "UPDATED": "2019-02-13T10:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Easy2map-photos WordPress Plugin", + "version": { + "version_data": [ + { + "version_affected": "1.09", + "version_value": "1.09" + } + ] + } + } + ] + }, + "vendor_name": "Steven Ellis" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=130", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=130" - }, - { - "name" : "https://wordpress.org/plugins/easy2map-photos", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/easy2map-photos" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection in easy2map-photos wordpress plugin v1.09" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapid.dhs.org/advisory.php?v=130", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=130" + }, + { + "name": "https://wordpress.org/plugins/easy2map-photos", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/easy2map-photos" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4730.json b/2015/4xxx/CVE-2015-4730.json index 75ec4b37889..5c9e56aee2b 100644 --- a/2015/4xxx/CVE-2015-4730.json +++ b/2015/4xxx/CVE-2015-4730.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "USN-2781-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2781-1" - }, - { - "name" : "77199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77199" - }, - { - "name" : "1033894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033894" + }, + { + "name": "USN-2781-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2781-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "77199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77199" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8075.json b/2015/8xxx/CVE-2015-8075.json index 1c8968db7ee..418fa5f7fc1 100644 --- a/2015/8xxx/CVE-2015-8075.json +++ b/2015/8xxx/CVE-2015-8075.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8075", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8075", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8081.json b/2015/8xxx/CVE-2015-8081.json index b360792960c..283ab1fb554 100644 --- a/2015/8xxx/CVE-2015-8081.json +++ b/2015/8xxx/CVE-2015-8081.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2603560", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2603560" - }, - { - "name" : "https://www.drupal.org/node/2603420", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2603420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2603560", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2603560" + }, + { + "name": "https://www.drupal.org/node/2603420", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2603420" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8253.json b/2015/8xxx/CVE-2015-8253.json index 2eb14d284c4..67ed7a0f599 100644 --- a/2015/8xxx/CVE-2015-8253.json +++ b/2015/8xxx/CVE-2015-8253.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-8253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/", - "refsource" : "MISC", - "url" : "http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/" - }, - { - "name" : "VU#792004", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/792004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/", + "refsource": "MISC", + "url": "http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/" + }, + { + "name": "VU#792004", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/792004" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8548.json b/2015/8xxx/CVE-2015-8548.json index 62ba2034ea8..e40e76a1604 100644 --- a/2015/8xxx/CVE-2015-8548.json +++ b/2015/8xxx/CVE-2015-8548.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-8548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html" - }, - { - "name" : "RHSA-2015:2618", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2618.html" - }, - { - "name" : "USN-2860-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2860-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html" + }, + { + "name": "RHSA-2015:2618", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2618.html" + }, + { + "name": "USN-2860-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2860-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9141.json b/2015/9xxx/CVE-2015-9141.json index 86ecb445df2..45bc8adf9d1 100644 --- a/2015/9xxx/CVE-2015-9141.json +++ b/2015/9xxx/CVE-2015-9141.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, SD 810" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, in HHO scenarios, during the ACQ procedure, there are possible instances where the search database is incorrectly updated resulting in memory corruption due to buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ACQ HHO scenarios without pullin procedure" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, SD 810" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, in HHO scenarios, during the ACQ procedure, there are possible instances where the search database is incorrectly updated resulting in memory corruption due to buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow in ACQ HHO scenarios without pullin procedure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5143.json b/2016/5xxx/CVE-2016-5143.json index 06cb6a57a05..38eccafecda 100644 --- a/2016/5xxx/CVE-2016-5143.json +++ b/2016/5xxx/CVE-2016-5143.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://codereview.chromium.org/2065823004", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2065823004" - }, - { - "name" : "https://crbug.com/619414", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/619414" - }, - { - "name" : "DSA-3645", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3645" - }, - { - "name" : "FEDORA-2016-e9798eaaa3", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/" - }, - { - "name" : "GLSA-201610-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-09" - }, - { - "name" : "RHSA-2016:1580", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1580.html" - }, - { - "name" : "openSUSE-SU-2016:1982", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html" - }, - { - "name" : "openSUSE-SU-2016:1983", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html" - }, - { - "name" : "92276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92276" - }, - { - "name" : "1036547", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.chromium.org/2065823004", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2065823004" + }, + { + "name": "92276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92276" + }, + { + "name": "openSUSE-SU-2016:1983", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html" + }, + { + "name": "RHSA-2016:1580", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1580.html" + }, + { + "name": "1036547", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036547" + }, + { + "name": "https://crbug.com/619414", + "refsource": "CONFIRM", + "url": "https://crbug.com/619414" + }, + { + "name": "GLSA-201610-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-09" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html" + }, + { + "name": "openSUSE-SU-2016:1982", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html" + }, + { + "name": "DSA-3645", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3645" + }, + { + "name": "FEDORA-2016-e9798eaaa3", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5611.json b/2016/5xxx/CVE-2016-5611.json index c18a5b3fbdb..f9002becc90 100644 --- a/2016/5xxx/CVE-2016-5611.json +++ b/2016/5xxx/CVE-2016-5611.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "GLSA-201612-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-27" - }, - { - "name" : "93744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93744" - }, - { - "name" : "1037053", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93744" + }, + { + "name": "GLSA-201612-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-27" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "1037053", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037053" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5862.json b/2016/5xxx/CVE-2016-5862.json index 3ba5fd3e4fc..cf8e9ca978d 100644 --- a/2016/5xxx/CVE-2016-5862.json +++ b/2016/5xxx/CVE-2016-5862.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-05-01T00:00:00", - "ID" : "CVE-2016-5862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "Android for MSM, Firefox OS for MSM, QRD Android" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted Pointer Dereference in Audio" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-05-01T00:00:00", + "ID": "CVE-2016-5862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "Android for MSM, Firefox OS for MSM, QRD Android" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Pointer Dereference in Audio" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98194" + }, + { + "name": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2171.json b/2018/2xxx/CVE-2018-2171.json index e7fe2d03b08..d4d144b7ba5 100644 --- a/2018/2xxx/CVE-2018-2171.json +++ b/2018/2xxx/CVE-2018-2171.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2171", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2171", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2302.json b/2018/2xxx/CVE-2018-2302.json index 757817746e1..9d6a2148ac4 100644 --- a/2018/2xxx/CVE-2018-2302.json +++ b/2018/2xxx/CVE-2018-2302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2302", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2302", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2675.json b/2018/2xxx/CVE-2018-2675.json index a951a7ea95c..928e0135e51 100644 --- a/2018/2xxx/CVE-2018-2675.json +++ b/2018/2xxx/CVE-2018-2675.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java Advanced Management Console: 2.8" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java Advanced Management Console: 2.8" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180117-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/" - }, - { - "name" : "102670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102670" - }, - { - "name" : "1040203", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180117-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180117-0001/" + }, + { + "name": "102670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102670" + }, + { + "name": "1040203", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040203" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2756.json b/2018/2xxx/CVE-2018-2756.json index 82ae1d0d7a6..cc68f729f42 100644 --- a/2018/2xxx/CVE-2018-2756.json +++ b/2018/2xxx/CVE-2018-2756.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Communications Order and Service Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "7.2.4.3.0" - }, - { - "version_affected" : "=", - "version_value" : "7.3.0.1.x" - }, - { - "version_affected" : "=", - "version_value" : "7.3.1.0.7" - }, - { - "version_affected" : "=", - "version_value" : "7.3.5.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: WebUI). Supported versions that are affected are 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7 and 7.3.5.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Communications Order and Service Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.2.4.3.0" + }, + { + "version_affected": "=", + "version_value": "7.3.0.1.x" + }, + { + "version_affected": "=", + "version_value": "7.3.1.0.7" + }, + { + "version_affected": "=", + "version_value": "7.3.5.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103874" - }, - { - "name" : "1040692", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: WebUI). Supported versions that are affected are 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7 and 7.3.5.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040692", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040692" + }, + { + "name": "103874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103874" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2790.json b/2018/2xxx/CVE-2018-2790.json index ad3b04252e5..21b0d1cffa3 100644 --- a/2018/2xxx/CVE-2018-2790.json +++ b/2018/2xxx/CVE-2018-2790.json @@ -1,205 +1,205 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u181" - }, - { - "version_affected" : "=", - "version_value" : "7u171" - }, - { - "version_affected" : "=", - "version_value" : "8u162" - }, - { - "version_affected" : "=", - "version_value" : "10; Java SE Embedded: 8u161" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u181" + }, + { + "version_affected": "=", + "version_value": "7u171" + }, + { + "version_affected": "=", + "version_value": "8u162" + }, + { + "version_affected": "=", + "version_value": "10; Java SE Embedded: 8u161" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180419-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180419-0001/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "DSA-4185", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4185" - }, - { - "name" : "DSA-4225", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4225" - }, - { - "name" : "GLSA-201903-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-14" - }, - { - "name" : "RHSA-2018:1188", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1188" - }, - { - "name" : "RHSA-2018:1191", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1191" - }, - { - "name" : "RHSA-2018:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1201" - }, - { - "name" : "RHSA-2018:1202", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1202" - }, - { - "name" : "RHSA-2018:1203", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1203" - }, - { - "name" : "RHSA-2018:1204", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1204" - }, - { - "name" : "RHSA-2018:1205", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1205" - }, - { - "name" : "RHSA-2018:1206", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1206" - }, - { - "name" : "RHSA-2018:1270", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1270" - }, - { - "name" : "RHSA-2018:1278", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1278" - }, - { - "name" : "RHSA-2018:1721", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1721" - }, - { - "name" : "RHSA-2018:1722", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1722" - }, - { - "name" : "RHSA-2018:1723", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1723" - }, - { - "name" : "RHSA-2018:1724", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1724" - }, - { - "name" : "RHSA-2018:1974", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1974" - }, - { - "name" : "RHSA-2018:1975", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1975" - }, - { - "name" : "USN-3644-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3644-1/" - }, - { - "name" : "USN-3691-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3691-1/" - }, - { - "name" : "103877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103877" - }, - { - "name" : "1040697", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:1278", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1278" + }, + { + "name": "DSA-4185", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4185" + }, + { + "name": "RHSA-2018:1975", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1975" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us" + }, + { + "name": "GLSA-201903-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-14" + }, + { + "name": "DSA-4225", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4225" + }, + { + "name": "1040697", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040697" + }, + { + "name": "RHSA-2018:1724", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1724" + }, + { + "name": "RHSA-2018:1203", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1203" + }, + { + "name": "USN-3644-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3644-1/" + }, + { + "name": "RHSA-2018:1723", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1723" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180419-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180419-0001/" + }, + { + "name": "RHSA-2018:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1201" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "RHSA-2018:1204", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1204" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "RHSA-2018:1722", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1722" + }, + { + "name": "RHSA-2018:1974", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1974" + }, + { + "name": "RHSA-2018:1205", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1205" + }, + { + "name": "RHSA-2018:1721", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1721" + }, + { + "name": "USN-3691-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3691-1/" + }, + { + "name": "RHSA-2018:1202", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1202" + }, + { + "name": "RHSA-2018:1191", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1191" + }, + { + "name": "RHSA-2018:1188", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1188" + }, + { + "name": "RHSA-2018:1206", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1206" + }, + { + "name": "RHSA-2018:1270", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1270" + }, + { + "name": "103877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103877" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6069.json b/2018/6xxx/CVE-2018-6069.json index c78cff3b839..ccf20eecfcf 100644 --- a/2018/6xxx/CVE-2018-6069.json +++ b/2018/6xxx/CVE-2018-6069.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "65.0.3325.146" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "65.0.3325.146" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/799918", - "refsource" : "MISC", - "url" : "https://crbug.com/799918" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "RHSA-2018:0484", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0484" - }, - { - "name" : "103297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/799918", + "refsource": "MISC", + "url": "https://crbug.com/799918" + }, + { + "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" + }, + { + "name": "103297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103297" + }, + { + "name": "RHSA-2018:0484", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0484" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6091.json b/2018/6xxx/CVE-2018-6091.json index 5994409e8d2..643ad91fc0c 100644 --- a/2018/6xxx/CVE-2018-6091.json +++ b/2018/6xxx/CVE-2018-6091.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/771933", - "refsource" : "MISC", - "url" : "https://crbug.com/771933" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "RHSA-2018:1195", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1195" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/771933", + "refsource": "MISC", + "url": "https://crbug.com/771933" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + }, + { + "name": "RHSA-2018:1195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1195" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6254.json b/2018/6xxx/CVE-2018-6254.json index 879f65d9f50..2aaadc9a758 100644 --- a/2018/6xxx/CVE-2018-6254.json +++ b/2018/6xxx/CVE-2018-6254.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2018-05-07T00:00:00", - "ID" : "CVE-2018-6254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "NA" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2018-05-07T00:00:00", + "ID": "CVE-2018-6254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-05-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6498.json b/2018/6xxx/CVE-2018-6498.json index d55032827c0..961f72181f8 100644 --- a/2018/6xxx/CVE-2018-6498.json +++ b/2018/6xxx/CVE-2018-6498.json @@ -1,149 +1,149 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2018-08-30T17:00:00.000Z", - "ID" : "CVE-2018-6498", - "STATE" : "PUBLIC", - "TITLE" : "Micro Focus Container Deployment Foundation (CDF), Remote Code Execution" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : " Network Operations Management (NOM) Suite CDF", - "version" : { - "version_data" : [ - { - "version_value" : "2017.11, 2018.02, 2018.05" - } - ] - } - }, - { - "product_name" : "Service Management Automation Suite ", - "version" : { - "version_data" : [ - { - "version_value" : "2017.11, 2018.02, 2018.05" - } - ] - } - }, - { - "product_name" : "Data Center Automation Containerized Suite", - "version" : { - "version_data" : [ - { - "version_value" : "2017.01 until 2018.05" - } - ] - } - }, - { - "product_name" : "Operations Bridge Containerized Suite", - "version" : { - "version_data" : [ - { - "version_value" : "2017.11, 2018.02, 2018.05" - } - ] - } - }, - { - "product_name" : "Hybrid Cloud Management Containerized Suite", - "version" : { - "version_data" : [ - { - "version_value" : "HCM2017.11, HCM2018.02, HCM2018.05" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-08-30T17:00:00.000Z", + "ID": "CVE-2018-6498", + "STATE": "PUBLIC", + "TITLE": "Micro Focus Container Deployment Foundation (CDF), Remote Code Execution" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": " Network Operations Management (NOM) Suite CDF", + "version": { + "version_data": [ + { + "version_value": "2017.11, 2018.02, 2018.05" + } + ] + } + }, + { + "product_name": "Service Management Automation Suite ", + "version": { + "version_data": [ + { + "version_value": "2017.11, 2018.02, 2018.05" + } + ] + } + }, + { + "product_name": "Data Center Automation Containerized Suite", + "version": { + "version_data": [ + { + "version_value": "2017.01 until 2018.05" + } + ] + } + }, + { + "product_name": "Operations Bridge Containerized Suite", + "version": { + "version_data": [ + { + "version_value": "2017.11, 2018.02, 2018.05" + } + ] + } + }, + { + "product_name": "Hybrid Cloud Management Containerized Suite", + "version": { + "version_data": [ + { + "version_value": "HCM2017.11, HCM2018.02, HCM2018.05" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632" - }, - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667" - }, - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669" - }, - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678" - }, - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667" + }, + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669" + }, + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725" + }, + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632" + }, + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0175.json b/2019/0xxx/CVE-2019-0175.json index a7b059d24cf..b52e7bab3d1 100644 --- a/2019/0xxx/CVE-2019-0175.json +++ b/2019/0xxx/CVE-2019-0175.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0175", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0175", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0954.json b/2019/0xxx/CVE-2019-0954.json index c34f6935d1e..765da0c10de 100644 --- a/2019/0xxx/CVE-2019-0954.json +++ b/2019/0xxx/CVE-2019-0954.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0954", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0954", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1587.json b/2019/1xxx/CVE-2019-1587.json index 50178841074..f883d21247d 100644 --- a/2019/1xxx/CVE-2019-1587.json +++ b/2019/1xxx/CVE-2019-1587.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1587", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1587", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1609.json b/2019/1xxx/CVE-2019-1609.json index 06f4f0b50e6..8e1c2886def 100644 --- a/2019/1xxx/CVE-2019-1609.json +++ b/2019/1xxx/CVE-2019-1609.json @@ -1,188 +1,188 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", - "ID" : "CVE-2019-1609", - "STATE" : "PUBLIC", - "TITLE" : "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MDS 9000 Series Multilayer Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.2(27)" - }, - { - "affected" : "<", - "version_value" : "8.1(1b)" - }, - { - "affected" : "<", - "version_value" : "8.3(2)" - } - ] - } - }, - { - "product_name" : "Nexus 3500 Platform Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I7(6)" - } - ] - } - }, - { - "product_name" : "Nexus 3000 Series Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I4(9)" - }, - { - "affected" : "<", - "version_value" : "7.0(3)I7(6)" - } - ] - } - }, - { - "product_name" : "Nexus 3600 Platform Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)F3(5)" - } - ] - } - }, - { - "product_name" : "Nexus 7000 and 7700 Series Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.2(22)" - }, - { - "affected" : "<", - "version_value" : "7.3(3)D1(1)" - }, - { - "affected" : "<", - "version_value" : "8.2(3)" - }, - { - "affected" : "<", - "version_value" : "8.3(2)" - } - ] - } - }, - { - "product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I4(9)" - }, - { - "affected" : "<", - "version_value" : "7.0(3)I7(6)" - } - ] - } - }, - { - "product_name" : "Nexus 9500 R-Series Line Cards and Fabric Modules", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)F3(5)" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "4.2", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-06T16:00:00-0800", + "ID": "CVE-2019-1609", + "STATE": "PUBLIC", + "TITLE": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MDS 9000 Series Multilayer Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.2(27)" + }, + { + "affected": "<", + "version_value": "8.1(1b)" + }, + { + "affected": "<", + "version_value": "8.3(2)" + } + ] + } + }, + { + "product_name": "Nexus 3500 Platform Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I7(6)" + } + ] + } + }, + { + "product_name": "Nexus 3000 Series Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I4(9)" + }, + { + "affected": "<", + "version_value": "7.0(3)I7(6)" + } + ] + } + }, + { + "product_name": "Nexus 3600 Platform Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)F3(5)" + } + ] + } + }, + { + "product_name": "Nexus 7000 and 7700 Series Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.2(22)" + }, + { + "affected": "<", + "version_value": "7.3(3)D1(1)" + }, + { + "affected": "<", + "version_value": "8.2(3)" + }, + { + "affected": "<", + "version_value": "8.3(2)" + } + ] + } + }, + { + "product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I4(9)" + }, + { + "affected": "<", + "version_value": "7.0(3)I7(6)" + } + ] + } + }, + { + "product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)F3(5)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609" - }, - { - "name" : "107341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107341" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190306-nxos-cmdinj-1609", - "defect" : [ - [ - "CSCvj63253", - "CSCvk51387", - "CSCvk51388" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.2", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107341" + }, + { + "name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190306-nxos-cmdinj-1609", + "defect": [ + [ + "CSCvj63253", + "CSCvk51387", + "CSCvk51388" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1866.json b/2019/1xxx/CVE-2019-1866.json index 536afdfd12c..728c5c78598 100644 --- a/2019/1xxx/CVE-2019-1866.json +++ b/2019/1xxx/CVE-2019-1866.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1866", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1866", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1951.json b/2019/1xxx/CVE-2019-1951.json index b7007190e9d..0c9942eb98d 100644 --- a/2019/1xxx/CVE-2019-1951.json +++ b/2019/1xxx/CVE-2019-1951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1951", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1951", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5020.json b/2019/5xxx/CVE-2019-5020.json index 28cfcd37484..5c19ef7721e 100644 --- a/2019/5xxx/CVE-2019-5020.json +++ b/2019/5xxx/CVE-2019-5020.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5020", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5020", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5138.json b/2019/5xxx/CVE-2019-5138.json index 43c40e83665..ceace172021 100644 --- a/2019/5xxx/CVE-2019-5138.json +++ b/2019/5xxx/CVE-2019-5138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5203.json b/2019/5xxx/CVE-2019-5203.json index 957a1db1d53..8d4cab2a2bb 100644 --- a/2019/5xxx/CVE-2019-5203.json +++ b/2019/5xxx/CVE-2019-5203.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5203", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5203", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5550.json b/2019/5xxx/CVE-2019-5550.json index fb389fe1db8..5f7ebdb8a4a 100644 --- a/2019/5xxx/CVE-2019-5550.json +++ b/2019/5xxx/CVE-2019-5550.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5550", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5550", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file