diff --git a/1999/0xxx/CVE-1999-0661.json b/1999/0xxx/CVE-1999-0661.json index ab087de5bd3..70332be24a1 100644 --- a/1999/0xxx/CVE-1999-0661.json +++ b/1999/0xxx/CVE-1999-0661.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-1994-07", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1994-07.html" - }, - { - "name" : "CA-1994-14", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1994-14.html" - }, - { - "name" : "CA-1999-01", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1999-01.html" - }, - { - "name" : "CA-1999-02", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1999-02.html" - }, - { - "name" : "CA-2002-28", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-28.html" - }, - { - "name" : "20020801 trojan horse in recent openssh (version 3.4 portable 1)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102820843403741&w=2" - }, - { - "name" : "20020801 OpenSSH Security Advisory: Trojaned Distribution Files", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102821663814127&w=2" - }, - { - "name" : "20021009 Re: CERT Advisory CA-2002-28 Trojan Horse Sendmail", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/294539" - }, - { - "name" : "5921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5921" - }, - { - "name" : "sendmail-backdoor(10313)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10313.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021009 Re: CERT Advisory CA-2002-28 Trojan Horse Sendmail", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/294539" + }, + { + "name": "sendmail-backdoor(10313)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10313.php" + }, + { + "name": "5921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5921" + }, + { + "name": "CA-1999-02", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1999-02.html" + }, + { + "name": "20020801 OpenSSH Security Advisory: Trojaned Distribution Files", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102821663814127&w=2" + }, + { + "name": "CA-1994-14", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1994-14.html" + }, + { + "name": "20020801 trojan horse in recent openssh (version 3.4 portable 1)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102820843403741&w=2" + }, + { + "name": "CA-1999-01", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1999-01.html" + }, + { + "name": "CA-1994-07", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1994-07.html" + }, + { + "name": "CA-2002-28", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-28.html" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0779.json b/1999/0xxx/CVE-1999-0779.json index 70f9517fd46..d4bce08dd77 100644 --- a/1999/0xxx/CVE-1999-0779.json +++ b/1999/0xxx/CVE-1999-0779.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Denial of service in HP-UX SharedX recserv program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX9810-086", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9810-086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Denial of service in HP-UX SharedX recserv program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX9810-086", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9810-086" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0927.json b/1999/0xxx/CVE-1999-0927.json index d1667a47878..db1df7cbb53 100644 --- a/1999/0xxx/CVE-1999-0927.json +++ b/1999/0xxx/CVE-1999-0927.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "AD05261999", - "refsource" : "EEYE", - "url" : "http://www.eeye.com/html/Research/Advisories/AD05261999.html" - }, - { - "name" : "279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "AD05261999", + "refsource": "EEYE", + "url": "http://www.eeye.com/html/Research/Advisories/AD05261999.html" + }, + { + "name": "279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/279" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1312.json b/1999/1xxx/CVE-1999-1312.json index 039e4c8c054..30dd443d657 100644 --- a/1999/1xxx/CVE-1999-1312.json +++ b/1999/1xxx/CVE-1999-1312.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-1993-05", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1993-05.html" - }, - { - "name" : "openvms-local-privilege-elevation(7142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-1993-05", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1993-05.html" + }, + { + "name": "openvms-local-privilege-elevation(7142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7142" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1521.json b/1999/1xxx/CVE-1999-1521.json index 700bf8c153a..ad8d7a59821 100644 --- a/1999/1xxx/CVE-1999-1521.json +++ b/1999/1xxx/CVE-1999-1521.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to a buffer overflow attack in the MAIL FROM command that may allow a remote attacker to execute arbitrary code on the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990912 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93720402717560&w=2" - }, - { - "name" : "19990729 Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94121824921783&w=2" - }, - { - "name" : "633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/633" - }, - { - "name" : "cmail-command-bo(2240)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to a buffer overflow attack in the MAIL FROM command that may allow a remote attacker to execute arbitrary code on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cmail-command-bo(2240)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2240" + }, + { + "name": "19990912 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93720402717560&w=2" + }, + { + "name": "19990729 Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94121824921783&w=2" + }, + { + "name": "633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/633" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1066.json b/2000/1xxx/CVE-2000-1066.json index c5ea5f54715..1a66edfa61d 100644 --- a/2000/1xxx/CVE-2000-1066.json +++ b/2000/1xxx/CVE-2000-1066.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-00:63", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc" - }, - { - "name" : "1894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1894" - }, - { - "name" : "getnameinfo-dos(5454)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "getnameinfo-dos(5454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5454" + }, + { + "name": "1894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1894" + }, + { + "name": "FreeBSD-SA-00:63", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2059.json b/2005/2xxx/CVE-2005-2059.json index 8ac7bfd5466..50ecacb1297 100644 --- a/2005/2xxx/CVE-2005-2059.json +++ b/2005/2xxx/CVE-2005-2059.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050624 Infopop UBB Threads Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111963737202040&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00084-06232005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00084-06232005" - }, - { - "name" : "http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351", - "refsource" : "MISC", - "url" : "http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351", + "refsource": "MISC", + "url": "http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00084-06232005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00084-06232005" + }, + { + "name": "20050624 Infopop UBB Threads Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111963737202040&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2434.json b/2005/2xxx/CVE-2005-2434.json index 52ac52a55a8..03732aae7ae 100644 --- a/2005/2xxx/CVE-2005-2434.json +++ b/2005/2xxx/CVE-2005-2434.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050728 Vulnerability in Linksys Router access", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112258422806340&w=2" - }, - { - "name" : "14407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14407" - }, - { - "name" : "1014596", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014596" - }, - { - "name" : "16271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16271" - }, - { - "name" : "linksys-wrt54g-session-decrypt(21635)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14407" + }, + { + "name": "20050728 Vulnerability in Linksys Router access", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112258422806340&w=2" + }, + { + "name": "1014596", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014596" + }, + { + "name": "linksys-wrt54g-session-decrypt(21635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21635" + }, + { + "name": "16271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16271" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2756.json b/2005/2xxx/CVE-2005-2756.json index 65ec9ccbe74..5b519d8ddf8 100644 --- a/2005/2xxx/CVE-2005-2756.json +++ b/2005/2xxx/CVE-2005-2756.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051104 Advisory: Apple QuickTime PICT Remote Memory Overwrite", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415714/30/0/threaded" - }, - { - "name" : "http://pb.specialised.info/all/adv/quicktime-pict-adv.txt", - "refsource" : "MISC", - "url" : "http://pb.specialised.info/all/adv/quicktime-pict-adv.txt" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=302772", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=302772" - }, - { - "name" : "VU#855118", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/855118" - }, - { - "name" : "15309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15309" - }, - { - "name" : "ADV-2005-2293", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2293" - }, - { - "name" : "20478", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20478" - }, - { - "name" : "1015152", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015152" - }, - { - "name" : "17428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17428" - }, - { - "name" : "144", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#855118", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/855118" + }, + { + "name": "20478", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20478" + }, + { + "name": "1015152", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015152" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=302772", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=302772" + }, + { + "name": "17428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17428" + }, + { + "name": "144", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/144" + }, + { + "name": "http://pb.specialised.info/all/adv/quicktime-pict-adv.txt", + "refsource": "MISC", + "url": "http://pb.specialised.info/all/adv/quicktime-pict-adv.txt" + }, + { + "name": "20051104 Advisory: Apple QuickTime PICT Remote Memory Overwrite", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415714/30/0/threaded" + }, + { + "name": "ADV-2005-2293", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2293" + }, + { + "name": "15309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15309" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2820.json b/2005/2xxx/CVE-2005-2820.json index 9c341ed4115..4f4628c1fcf 100644 --- a/2005/2xxx/CVE-2005-2820.json +++ b/2005/2xxx/CVE-2005-2820.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer \"Conditional Comments\" such as \"[if]\" and \"[endif]\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050906 Secunia Research: SqWebMail Conditional Comments Script Insertion", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112607033030475&w=2" - }, - { - "name" : "http://secunia.com/secunia_research/2005-44/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-44/advisory/" - }, - { - "name" : "http://www.securiteam.com/unixfocus/5RP0220GUS.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5RP0220GUS.html" - }, - { - "name" : "DSA-820", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-820" - }, - { - "name" : "USN-201-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-201-1" - }, - { - "name" : "16704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16704/" - }, - { - "name" : "17156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17156" - }, - { - "name" : "sqwebmail-html-comment-xss(22158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer \"Conditional Comments\" such as \"[if]\" and \"[endif]\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16704/" + }, + { + "name": "sqwebmail-html-comment-xss(22158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22158" + }, + { + "name": "20050906 Secunia Research: SqWebMail Conditional Comments Script Insertion", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112607033030475&w=2" + }, + { + "name": "17156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17156" + }, + { + "name": "USN-201-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-201-1" + }, + { + "name": "http://secunia.com/secunia_research/2005-44/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-44/advisory/" + }, + { + "name": "DSA-820", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-820" + }, + { + "name": "http://www.securiteam.com/unixfocus/5RP0220GUS.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5RP0220GUS.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2952.json b/2005/2xxx/CVE-2005-2952.json index 7d70baaab35..c1a3aa93265 100644 --- a/2005/2xxx/CVE-2005-2952.json +++ b/2005/2xxx/CVE-2005-2952.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050913 Subscribe Me Pro 2.044.09P and prior Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112662785418368&w=2" - }, - { - "name" : "http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt", - "refsource" : "MISC", - "url" : "http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt" - }, - { - "name" : "14817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14817" - }, - { - "name" : "16796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16796/" - }, - { - "name" : "4", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4" - }, - { - "name" : "subscribemepro-unknown-directory-traversal(22249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14817" + }, + { + "name": "4", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4" + }, + { + "name": "http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt", + "refsource": "MISC", + "url": "http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt" + }, + { + "name": "16796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16796/" + }, + { + "name": "subscribemepro-unknown-directory-traversal(22249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22249" + }, + { + "name": "20050913 Subscribe Me Pro 2.044.09P and prior Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112662785418368&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5184.json b/2007/5xxx/CVE-2007-5184.json index 740202b3ba0..2ef91ba5164 100644 --- a/2007/5xxx/CVE-2007-5184.json +++ b/2007/5xxx/CVE-2007-5184.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071001 smbftpd 0.96 format string vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481220/100/0/threaded" - }, - { - "name" : "4478", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4478" - }, - { - "name" : "http://debork.se/poc/001_smbftpd.c", - "refsource" : "MISC", - "url" : "http://debork.se/poc/001_smbftpd.c" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=543077", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=543077" - }, - { - "name" : "25871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25871" - }, - { - "name" : "ADV-2007-3311", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3311" - }, - { - "name" : "41385", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41385" - }, - { - "name" : "27014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27014" - }, - { - "name" : "smbftpd-smbdirlist-format-string(36893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25871" + }, + { + "name": "27014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27014" + }, + { + "name": "ADV-2007-3311", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3311" + }, + { + "name": "4478", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4478" + }, + { + "name": "41385", + "refsource": "OSVDB", + "url": "http://osvdb.org/41385" + }, + { + "name": "http://debork.se/poc/001_smbftpd.c", + "refsource": "MISC", + "url": "http://debork.se/poc/001_smbftpd.c" + }, + { + "name": "smbftpd-smbdirlist-format-string(36893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36893" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=543077", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=543077" + }, + { + "name": "20071001 smbftpd 0.96 format string vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481220/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5202.json b/2007/5xxx/CVE-2007-5202.json index 32a39056aae..5a5b7972016 100644 --- a/2007/5xxx/CVE-2007-5202.json +++ b/2007/5xxx/CVE-2007-5202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5269.json b/2007/5xxx/CVE-2007-5269.json index 7aaa7e8a1f2..11ac768b1a6 100644 --- a/2007/5xxx/CVE-2007-5269.json +++ b/2007/5xxx/CVE-2007-5269.json @@ -1,412 +1,412 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071112 FLEA-2007-0065-1 libpng", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483582/100/0/threaded" - }, - { - "name" : "20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489135/100/0/threaded" - }, - { - "name" : "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489739/100/0/threaded" - }, - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495869/100/0/threaded" - }, - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" - }, - { - "name" : "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement" - }, - { - "name" : "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=2148", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2148" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1814", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1814" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=327791", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=327791" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=337461", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=337461" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=195261", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=195261" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm" - }, - { - "name" : "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html", - "refsource" : "CONFIRM", - "url" : "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" - }, - { - "name" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" - }, - { - "name" : "http://www.vmware.com/support/player/doc/releasenotes_player.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player/doc/releasenotes_player.html" - }, - { - "name" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" - }, - { - "name" : "http://www.vmware.com/support/server/doc/releasenotes_server.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/server/doc/releasenotes_server.html" - }, - { - "name" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" - }, - { - "name" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2008-05-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" - }, - { - "name" : "DSA-1750", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1750" - }, - { - "name" : "FEDORA-2007-2521", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html" - }, - { - "name" : "FEDORA-2007-2666", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html" - }, - { - "name" : "FEDORA-2007-734", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html" - }, - { - "name" : "GLSA-200711-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" - }, - { - "name" : "GLSA-200805-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "MDKSA-2007:217", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" - }, - { - "name" : "RHSA-2007:0992", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0992.html" - }, - { - "name" : "SSA:2007-325-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323" - }, - { - "name" : "259989", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" - }, - { - "name" : "1020521", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" - }, - { - "name" : "SUSE-SR:2007:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_25_sr.html" - }, - { - "name" : "USN-538-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-538-1" - }, - { - "name" : "TA08-150A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" - }, - { - "name" : "25956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25956" - }, - { - "name" : "28276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28276" - }, - { - "name" : "oval:org.mitre.oval:def:10614", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614" - }, - { - "name" : "34388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34388" - }, - { - "name" : "35302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35302" - }, - { - "name" : "35386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35386" - }, - { - "name" : "ADV-2007-3390", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3390" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "ADV-2008-0905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0905/references" - }, - { - "name" : "ADV-2008-1697", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1697" - }, - { - "name" : "ADV-2008-2466", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2466" - }, - { - "name" : "1018849", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018849" - }, - { - "name" : "27093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27093" - }, - { - "name" : "27284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27284" - }, - { - "name" : "27405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27405" - }, - { - "name" : "27369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27369" - }, - { - "name" : "27391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27391" - }, - { - "name" : "27492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27492" - }, - { - "name" : "27529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27529" - }, - { - "name" : "27662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27662" - }, - { - "name" : "27629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27629" - }, - { - "name" : "27746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27746" - }, - { - "name" : "27965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27965" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "30161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30161" - }, - { - "name" : "30430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30430" - }, - { - "name" : "31712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31712" - }, - { - "name" : "31713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31713" - }, - { - "name" : "ADV-2009-1462", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1462" - }, - { - "name" : "ADV-2009-1560", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27965" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1814", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1814" + }, + { + "name": "MDKSA-2007:217", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217" + }, + { + "name": "35386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35386" + }, + { + "name": "FEDORA-2007-2666", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html" + }, + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" + }, + { + "name": "FEDORA-2007-2521", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html" + }, + { + "name": "27093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27093" + }, + { + "name": "1020521", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1" + }, + { + "name": "ADV-2009-1560", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1560" + }, + { + "name": "34388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34388" + }, + { + "name": "ADV-2009-1462", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1462" + }, + { + "name": "27662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27662" + }, + { + "name": "31712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31712" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=195261", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=195261" + }, + { + "name": "FEDORA-2007-734", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html" + }, + { + "name": "27529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27529" + }, + { + "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" + }, + { + "name": "27405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27405" + }, + { + "name": "27746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27746" + }, + { + "name": "RHSA-2007:0992", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0992.html" + }, + { + "name": "ADV-2007-3390", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3390" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2148", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2148" + }, + { + "name": "259989", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1" + }, + { + "name": "35302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35302" + }, + { + "name": "31713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31713" + }, + { + "name": "[png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement" + }, + { + "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" + }, + { + "name": "TA08-150A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" + }, + { + "name": "27391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27391" + }, + { + "name": "25956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25956" + }, + { + "name": "SUSE-SR:2007:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html" + }, + { + "name": "27369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27369" + }, + { + "name": "1018849", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018849" + }, + { + "name": "oval:org.mitre.oval:def:10614", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=327791", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=327791" + }, + { + "name": "27492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27492" + }, + { + "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" + }, + { + "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "27284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27284" + }, + { + "name": "30430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30430" + }, + { + "name": "USN-538-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-538-1" + }, + { + "name": "APPLE-SA-2008-05-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" + }, + { + "name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html", + "refsource": "CONFIRM", + "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html" + }, + { + "name": "30161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30161" + }, + { + "name": "GLSA-200805-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" + }, + { + "name": "DSA-1750", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1750" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" + }, + { + "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" + }, + { + "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" + }, + { + "name": "GLSA-200711-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml" + }, + { + "name": "ADV-2008-0905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0905/references" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" + }, + { + "name": "ADV-2008-1697", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1697" + }, + { + "name": "SSA:2007-325-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323" + }, + { + "name": "20071112 FLEA-2007-0065-1 libpng", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm" + }, + { + "name": "28276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28276" + }, + { + "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded" + }, + { + "name": "ADV-2008-2466", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2466" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=337461", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=337461" + }, + { + "name": "27629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27629" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5309.json b/2007/5xxx/CVE-2007-5309.json index e63f484d0ee..f23bd3bd090 100644 --- a/2007/5xxx/CVE-2007-5309.json +++ b/2007/5xxx/CVE-2007-5309.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4496", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4496" - }, - { - "name" : "20071009 Joomla Flash Image Gallery Component RFI Vulnerability", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-October/001823.html" - }, - { - "name" : "20071009 Joomla Flash Image Gallery Component RFI Vulnerability", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-October/001824.html" - }, - { - "name" : "25958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25958" - }, - { - "name" : "ADV-2007-3434", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3434" - }, - { - "name" : "38645", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38645" - }, - { - "name" : "flashimagegallery-wmtgallery-file-include(37016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071009 Joomla Flash Image Gallery Component RFI Vulnerability", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-October/001823.html" + }, + { + "name": "25958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25958" + }, + { + "name": "20071009 Joomla Flash Image Gallery Component RFI Vulnerability", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-October/001824.html" + }, + { + "name": "ADV-2007-3434", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3434" + }, + { + "name": "4496", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4496" + }, + { + "name": "flashimagegallery-wmtgallery-file-include(37016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37016" + }, + { + "name": "38645", + "refsource": "OSVDB", + "url": "http://osvdb.org/38645" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5552.json b/2007/5xxx/CVE-2007-5552.json index 169539c17b0..076a0b4d3c1 100644 --- a/2007/5xxx/CVE-2007-5552.json +++ b/2007/5xxx/CVE-2007-5552.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.irmplc.com/index.php/111-Vendor-Alerts", - "refsource" : "MISC", - "url" : "http://www.irmplc.com/index.php/111-Vendor-Alerts" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irmplc.com/index.php/111-Vendor-Alerts", + "refsource": "MISC", + "url": "http://www.irmplc.com/index.php/111-Vendor-Alerts" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5573.json b/2007/5xxx/CVE-2007-5573.json index 94c1d6acac4..f351eb0355b 100644 --- a/2007/5xxx/CVE-2007-5573.json +++ b/2007/5xxx/CVE-2007-5573.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4544", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4544" - }, - { - "name" : "26110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26110" - }, - { - "name" : "27288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27288" - }, - { - "name" : "limesurvey-language-file-include(37270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27288" + }, + { + "name": "26110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26110" + }, + { + "name": "4544", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4544" + }, + { + "name": "limesurvey-language-file-include(37270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37270" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2531.json b/2009/2xxx/CVE-2009-2531.json index 0312712618a..21ef51ba867 100644 --- a/2009/2xxx/CVE-2009-2531.json +++ b/2009/2xxx/CVE-2009-2531.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-2530." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-2531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054" - }, - { - "name" : "TA09-286A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" - }, - { - "name" : "oval:org.mitre.oval:def:5766", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-2530." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS09-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054" + }, + { + "name": "TA09-286A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" + }, + { + "name": "oval:org.mitre.oval:def:5766", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5766" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2704.json b/2009/2xxx/CVE-2009-2704.json index 285317ba3c0..83934bdcea6 100644 --- a/2009/2xxx/CVE-2009-2704.json +++ b/2009/2xxx/CVE-2009-2704.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://i8jesus.com/?p=55", - "refsource" : "MISC", - "url" : "http://i8jesus.com/?p=55" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://i8jesus.com/?p=55", + "refsource": "MISC", + "url": "http://i8jesus.com/?p=55" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2759.json b/2009/2xxx/CVE-2009-2759.json index 554c3048887..66be902293d 100644 --- a/2009/2xxx/CVE-2009-2759.json +++ b/2009/2xxx/CVE-2009-2759.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2759", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2759", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2799.json b/2009/2xxx/CVE-2009-2799.json index 98d1e4357c0..7aac9f67051 100644 --- a/2009/2xxx/CVE-2009-2799.json +++ b/2009/2xxx/CVE-2009-2799.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3859", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3859" - }, - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-09-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "36328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36328" - }, - { - "name" : "oval:org.mitre.oval:def:6405", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6405" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3859", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3859" + }, + { + "name": "36328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36328" + }, + { + "name": "APPLE-SA-2009-09-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:6405", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6405" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2906.json b/2009/2xxx/CVE-2009-2906.json index 102293b6cf0..b5d553e49eb 100644 --- a/2009/2xxx/CVE-2009-2906.json +++ b/2009/2xxx/CVE-2009-2906.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507856/100/0/threaded" - }, - { - "name" : "http://samba.org/samba/security/CVE-2009-2906.html", - "refsource" : "CONFIRM", - "url" : "http://samba.org/samba/security/CVE-2009-2906.html" - }, - { - "name" : "http://news.samba.org/releases/3.0.37/", - "refsource" : "CONFIRM", - "url" : "http://news.samba.org/releases/3.0.37/" - }, - { - "name" : "http://news.samba.org/releases/3.2.15/", - "refsource" : "CONFIRM", - "url" : "http://news.samba.org/releases/3.2.15/" - }, - { - "name" : "http://news.samba.org/releases/3.3.8/", - "refsource" : "CONFIRM", - "url" : "http://news.samba.org/releases/3.3.8/" - }, - { - "name" : "http://news.samba.org/releases/3.4.2/", - "refsource" : "CONFIRM", - "url" : "http://news.samba.org/releases/3.4.2/" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0145", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0145" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "FEDORA-2009-10172", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html" - }, - { - "name" : "FEDORA-2009-10180", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html" - }, - { - "name" : "SSA:2009-276-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439" - }, - { - "name" : "1021111", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1" - }, - { - "name" : "SUSE-SR:2009:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" - }, - { - "name" : "USN-839-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-839-1" - }, - { - "name" : "36573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36573" - }, - { - "name" : "58519", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58519" - }, - { - "name" : "oval:org.mitre.oval:def:7090", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090" - }, - { - "name" : "oval:org.mitre.oval:def:9944", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944" - }, - { - "name" : "1022976", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022976" - }, - { - "name" : "36893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36893" - }, - { - "name" : "36918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36918" - }, - { - "name" : "36937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36937" - }, - { - "name" : "36953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36953" - }, - { - "name" : "37428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37428" - }, - { - "name" : "ADV-2009-2810", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2810" - }, - { - "name" : "samba-smb-dos(53575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://samba.org/samba/security/CVE-2009-2906.html", + "refsource": "CONFIRM", + "url": "http://samba.org/samba/security/CVE-2009-2906.html" + }, + { + "name": "http://news.samba.org/releases/3.4.2/", + "refsource": "CONFIRM", + "url": "http://news.samba.org/releases/3.4.2/" + }, + { + "name": "20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507856/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:9944", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944" + }, + { + "name": "FEDORA-2009-10172", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://news.samba.org/releases/3.2.15/", + "refsource": "CONFIRM", + "url": "http://news.samba.org/releases/3.2.15/" + }, + { + "name": "1021111", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1" + }, + { + "name": "58519", + "refsource": "OSVDB", + "url": "http://osvdb.org/58519" + }, + { + "name": "ADV-2009-2810", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2810" + }, + { + "name": "SSA:2009-276-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439" + }, + { + "name": "37428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37428" + }, + { + "name": "36937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36937" + }, + { + "name": "USN-839-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-839-1" + }, + { + "name": "samba-smb-dos(53575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53575" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "36573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36573" + }, + { + "name": "http://news.samba.org/releases/3.0.37/", + "refsource": "CONFIRM", + "url": "http://news.samba.org/releases/3.0.37/" + }, + { + "name": "oval:org.mitre.oval:def:7090", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090" + }, + { + "name": "36918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36918" + }, + { + "name": "1022976", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022976" + }, + { + "name": "36893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36893" + }, + { + "name": "http://news.samba.org/releases/3.3.8/", + "refsource": "CONFIRM", + "url": "http://news.samba.org/releases/3.3.8/" + }, + { + "name": "36953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36953" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0145", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0145" + }, + { + "name": "SUSE-SR:2009:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" + }, + { + "name": "FEDORA-2009-10180", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0536.json b/2015/0xxx/CVE-2015-0536.json index a394c51a780..49c42ca0895 100644 --- a/2015/0xxx/CVE-2015-0536.json +++ b/2015/0xxx/CVE-2015-0536.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-0536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Aug/84" - }, - { - "name" : "76377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Aug/84" + }, + { + "name": "76377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76377" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0627.json b/2015/0xxx/CVE-2015-0627.json index 1c4782405df..15fcfe3d6ac 100644 --- a/2015/0xxx/CVE-2015-0627.json +++ b/2015/0xxx/CVE-2015-0627.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0627", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0627", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0669.json b/2015/0xxx/CVE-2015-0669.json index 8fc48c16a2e..9c2dadef891 100644 --- a/2015/0xxx/CVE-2015-0669.json +++ b/2015/0xxx/CVE-2015-0669.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150319 Cisco IOS Software Autonomic Networking Infrastructure Overwrite Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37935" - }, - { - "name" : "1031967", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031967", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031967" + }, + { + "name": "20150319 Cisco IOS Software Autonomic Networking Infrastructure Overwrite Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37935" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3437.json b/2015/3xxx/CVE-2015-3437.json index 010cd3c4c37..54e7094e145 100644 --- a/2015/3xxx/CVE-2015-3437.json +++ b/2015/3xxx/CVE-2015-3437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3437", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3437", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3519.json b/2015/3xxx/CVE-2015-3519.json index 0940b40d2a2..164c8a35a7c 100644 --- a/2015/3xxx/CVE-2015-3519.json +++ b/2015/3xxx/CVE-2015-3519.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3519", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3519", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3752.json b/2015/3xxx/CVE-2015-3752.json index 4901d6aa4cb..5d2b9e1d761 100644 --- a/2015/3xxx/CVE-2015-3752.json +++ b/2015/3xxx/CVE-2015-3752.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205033", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205033" - }, - { - "name" : "APPLE-SA-2015-08-13-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "openSUSE-SU-2016:0915", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" - }, - { - "name" : "USN-2937-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2937-1" - }, - { - "name" : "76341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76341" - }, - { - "name" : "1033274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033274" + }, + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "openSUSE-SU-2016:0915", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" + }, + { + "name": "76341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76341" + }, + { + "name": "APPLE-SA-2015-08-13-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html" + }, + { + "name": "https://support.apple.com/kb/HT205033", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205033" + }, + { + "name": "USN-2937-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2937-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4150.json b/2015/4xxx/CVE-2015-4150.json index 101213f164c..e18ee596f94 100644 --- a/2015/4xxx/CVE-2015-4150.json +++ b/2015/4xxx/CVE-2015-4150.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4150", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4150", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4337.json b/2015/4xxx/CVE-2015-4337.json index 557ef127e2d..04dde257ab0 100644 --- a/2015/4xxx/CVE-2015-4337.json +++ b/2015/4xxx/CVE-2015-4337.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html" - }, - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=121", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=121" - }, - { - "name" : "74943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74943" + }, + { + "name": "http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html" + }, + { + "name": "http://www.vapid.dhs.org/advisory.php?v=121", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=121" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4374.json b/2015/4xxx/CVE-2015-4374.json index 32a7eef4674..0738dd5809b 100644 --- a/2015/4xxx/CVE-2015-4374.json +++ b/2015/4xxx/CVE-2015-4374.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150322 CVE requests for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/22/35" - }, - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2454903", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2454903" - }, - { - "name" : "https://www.drupal.org/node/2454055", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2454055" - }, - { - "name" : "https://www.drupal.org/node/2454059", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2454059" - }, - { - "name" : "https://www.drupal.org/node/2454063", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2454063" - }, - { - "name" : "73215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2454055", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2454055" + }, + { + "name": "https://www.drupal.org/node/2454059", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2454059" + }, + { + "name": "https://www.drupal.org/node/2454063", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2454063" + }, + { + "name": "[oss-security] 20150322 CVE requests for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/22/35" + }, + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "73215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73215" + }, + { + "name": "https://www.drupal.org/node/2454903", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2454903" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4472.json b/2015/4xxx/CVE-2015-4472.json index 0b2746280a4..7646a59b434 100644 --- a/2015/4xxx/CVE-2015-4472.json +++ b/2015/4xxx/CVE-2015-4472.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150203 Possible CVE Requests: libmspack: several issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/02/03/11" - }, - { - "name" : "https://bugs.debian.org/775687", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/775687" - }, - { - "name" : "GLSA-201506-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-01" - }, - { - "name" : "72490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150203 Possible CVE Requests: libmspack: several issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/02/03/11" + }, + { + "name": "GLSA-201506-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-01" + }, + { + "name": "https://bugs.debian.org/775687", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/775687" + }, + { + "name": "72490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72490" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4778.json b/2015/4xxx/CVE-2015-4778.json index 56e07d2c48d..4b7cc8da282 100644 --- a/2015/4xxx/CVE-2015-4778.json +++ b/2015/4xxx/CVE-2015-4778.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8085.json b/2015/8xxx/CVE-2015-8085.json index 1272e62d67b..5c6a653b0df 100644 --- a/2015/8xxx/CVE-2015-8085.json +++ b/2015/8xxx/CVE-2015-8085.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/hw-455876", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/hw-455876" - }, - { - "name" : "76897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76897" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/hw-455876", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/hw-455876" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8517.json b/2015/8xxx/CVE-2015-8517.json index 7eb814e85ab..c35baa10f2a 100644 --- a/2015/8xxx/CVE-2015-8517.json +++ b/2015/8xxx/CVE-2015-8517.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8517", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8517", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8711.json b/2015/8xxx/CVE-2015-8711.json index dacb7d6b719..1a1d29943db 100644 --- a/2015/8xxx/CVE-2015-8711.json +++ b/2015/8xxx/CVE-2015-8711.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2015-31.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2015-31.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=23379ae3624df82c170f48e5bb3250a97ec61c13", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=23379ae3624df82c170f48e5bb3250a97ec61c13" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b4ada17723ed8af7e85cb48d537437ed614e417", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b4ada17723ed8af7e85cb48d537437ed614e417" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5bf565690ad9f0771196d8fa237aa37fae3bb7cc", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5bf565690ad9f0771196d8fa237aa37fae3bb7cc" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-3505", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3505" - }, - { - "name" : "GLSA-201604-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-05" - }, - { - "name" : "79814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79814" - }, - { - "name" : "1034551", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2015-31.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2015-31.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b4ada17723ed8af7e85cb48d537437ed614e417", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b4ada17723ed8af7e85cb48d537437ed614e417" + }, + { + "name": "DSA-3505", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3505" + }, + { + "name": "79814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79814" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5bf565690ad9f0771196d8fa237aa37fae3bb7cc", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5bf565690ad9f0771196d8fa237aa37fae3bb7cc" + }, + { + "name": "GLSA-201604-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-05" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=23379ae3624df82c170f48e5bb3250a97ec61c13", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=23379ae3624df82c170f48e5bb3250a97ec61c13" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602" + }, + { + "name": "1034551", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034551" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8783.json b/2015/8xxx/CVE-2015-8783.json index b14582d64b4..d13c0b7c95b 100644 --- a/2015/8xxx/CVE-2015-8783.json +++ b/2015/8xxx/CVE-2015-8783.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-8783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/24/3" - }, - { - "name" : "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/24/7" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2522", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2522" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3467", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3467" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "RHSA-2016:1546", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html" - }, - { - "name" : "RHSA-2016:1547", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html" - }, - { - "name" : "openSUSE-SU-2016:0405", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html" - }, - { - "name" : "openSUSE-SU-2016:0414", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html" - }, - { - "name" : "USN-2939-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2939-1" - }, - { - "name" : "81730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "openSUSE-SU-2016:0414", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html" + }, + { + "name": "RHSA-2016:1547", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "81730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81730" + }, + { + "name": "openSUSE-SU-2016:0405", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html" + }, + { + "name": "USN-2939-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2939-1" + }, + { + "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2522", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "RHSA-2016:1546", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html" + }, + { + "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3" + }, + { + "name": "DSA-3467", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3467" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8866.json b/2015/8xxx/CVE-2015-8866.json index bcfa5177475..1fd46d11dff 100644 --- a/2015/8xxx/CVE-2015-8866.json +++ b/2015/8xxx/CVE-2015-8866.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160423 Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/24/1" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817" - }, - { - "name" : "https://bugs.php.net/bug.php?id=64938", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=64938" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "SUSE-SU-2016:1277", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html" - }, - { - "name" : "openSUSE-SU-2016:1274", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html" - }, - { - "name" : "openSUSE-SU-2016:1373", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html" - }, - { - "name" : "USN-2952-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2952-1" - }, - { - "name" : "USN-2952-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2952-2" - }, - { - "name" : "87470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/87470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2952-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2952-1" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "USN-2952-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2952-2" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://bugs.php.net/bug.php?id=64938", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=64938" + }, + { + "name": "87470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/87470" + }, + { + "name": "openSUSE-SU-2016:1274", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html" + }, + { + "name": "SUSE-SU-2016:1277", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html" + }, + { + "name": "[oss-security] 20160423 Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/24/1" + }, + { + "name": "openSUSE-SU-2016:1373", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8989.json b/2015/8xxx/CVE-2015-8989.json index 5a6835aaaed..9859c569831 100644 --- a/2015/8xxx/CVE-2015-8989.json +++ b/2015/8xxx/CVE-2015-8989.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2015-8989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "McAfee Vulnerability Manager (MVM)", - "version" : { - "version_data" : [ - { - "version_value" : "7.5.8 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unsalted password vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2015-8989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Vulnerability Manager (MVM)", + "version": { + "version_data": [ + { + "version_value": "7.5.8 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10117", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unsalted password vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10117", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10117" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9260.json b/2015/9xxx/CVE-2015-9260.json index 257d0cb8f08..c74badd42b9 100644 --- a/2015/9xxx/CVE-2015-9260.json +++ b/2015/9xxx/CVE-2015-9260.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bedita/bedita/issues/755#issuecomment-148036760", - "refsource" : "MISC", - "url" : "https://github.com/bedita/bedita/issues/755#issuecomment-148036760" - }, - { - "name" : "https://github.com/bedita/bedita/releases/tag/v3.7.0", - "refsource" : "MISC", - "url" : "https://github.com/bedita/bedita/releases/tag/v3.7.0" - }, - { - "name" : "https://github.com/cybersecurityworks/Disclosed/issues/8", - "refsource" : "MISC", - "url" : "https://github.com/cybersecurityworks/Disclosed/issues/8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bedita/bedita/releases/tag/v3.7.0", + "refsource": "MISC", + "url": "https://github.com/bedita/bedita/releases/tag/v3.7.0" + }, + { + "name": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760", + "refsource": "MISC", + "url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760" + }, + { + "name": "https://github.com/cybersecurityworks/Disclosed/issues/8", + "refsource": "MISC", + "url": "https://github.com/cybersecurityworks/Disclosed/issues/8" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1984.json b/2016/1xxx/CVE-2016-1984.json index 90cd3308167..4e35cafe94c 100644 --- a/2016/1xxx/CVE-2016-1984.json +++ b/2016/1xxx/CVE-2016-1984.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-1984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160121 SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Jan/63" - }, - { - "name" : "http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html", - "refsource" : "MISC", - "url" : "http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160121-0_AMX_Deliberately_hidden_backdoor_account_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160121-0_AMX_Deliberately_hidden_backdoor_account_v10.txt" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-049-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-049-02" - }, - { - "name" : "http://www.amx.com/techcenter/NXSecurityBrief/", - "refsource" : "CONFIRM", - "url" : "http://www.amx.com/techcenter/NXSecurityBrief/" - }, - { - "name" : "http://www.amx.com/techcenter/firmware.asp?Category=Hot%20Fix%20Files", - "refsource" : "CONFIRM", - "url" : "http://www.amx.com/techcenter/firmware.asp?Category=Hot%20Fix%20Files" - }, - { - "name" : "VU#992624", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/992624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#992624", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/992624" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-049-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-049-02" + }, + { + "name": "20160121 SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Jan/63" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160121-0_AMX_Deliberately_hidden_backdoor_account_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160121-0_AMX_Deliberately_hidden_backdoor_account_v10.txt" + }, + { + "name": "http://www.amx.com/techcenter/firmware.asp?Category=Hot%20Fix%20Files", + "refsource": "CONFIRM", + "url": "http://www.amx.com/techcenter/firmware.asp?Category=Hot%20Fix%20Files" + }, + { + "name": "http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html", + "refsource": "MISC", + "url": "http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html" + }, + { + "name": "http://www.amx.com/techcenter/NXSecurityBrief/", + "refsource": "CONFIRM", + "url": "http://www.amx.com/techcenter/NXSecurityBrief/" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5218.json b/2016/5xxx/CVE-2016-5218.json index c710eb39c18..3ea72200ea9 100644 --- a/2016/5xxx/CVE-2016-5218.json +++ b/2016/5xxx/CVE-2016-5218.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-5218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/660498", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/660498" - }, - { - "name" : "GLSA-201612-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-11" - }, - { - "name" : "RHSA-2016:2919", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2919.html" - }, - { - "name" : "94633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2919", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2919.html" + }, + { + "name": "https://crbug.com/660498", + "refsource": "CONFIRM", + "url": "https://crbug.com/660498" + }, + { + "name": "94633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94633" + }, + { + "name": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201612-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-11" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5378.json b/2016/5xxx/CVE-2016-5378.json index 0a52f1e0b75..50e44b9efe3 100644 --- a/2016/5xxx/CVE-2016-5378.json +++ b/2016/5xxx/CVE-2016-5378.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5378", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5378", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5551.json b/2016/5xxx/CVE-2016-5551.json index e4373c2013f..008935a03d6 100644 --- a/2016/5xxx/CVE-2016-5551.json +++ b/2016/5xxx/CVE-2016-5551.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-5551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Cluster", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "4.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Cluster", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97803" - }, - { - "name" : "1038292", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97803" + }, + { + "name": "1038292", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038292" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5932.json b/2016/5xxx/CVE-2016-5932.json index b4926f8088b..7b342d290fd 100644 --- a/2016/5xxx/CVE-2016-5932.json +++ b/2016/5xxx/CVE-2016-5932.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-5932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Connections", - "version" : { - "version_data" : [ - { - "version_value" : "4.5" - }, - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "3.0.1.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-5932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Connections", + "version": { + "version_data": [ + { + "version_value": "4.5" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "3.0.1.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21998294", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21998294" - }, - { - "name" : "96453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96453" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21998294", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21998294" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999042.json b/2018/1999xxx/CVE-2018-1999042.json index 33b86eaa3c8..b2bafd520bb 100644 --- a/2018/1999xxx/CVE-2018-1999042.json +++ b/2018/1999xxx/CVE-2018-1999042.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-18T21:50:59.833537", - "DATE_REQUESTED" : "2018-08-15T00:00:00", - "ID" : "CVE-2018-1999042", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.137 and earlier, 2.121.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-502" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-18T21:50:59.833537", + "DATE_REQUESTED": "2018-08-15T00:00:00", + "ID": "CVE-2018-1999042", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-637", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-637", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-637" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2351.json b/2018/2xxx/CVE-2018-2351.json index b9ce53c8fc9..7f70b539dcf 100644 --- a/2018/2xxx/CVE-2018-2351.json +++ b/2018/2xxx/CVE-2018-2351.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2351", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2351", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2549.json b/2018/2xxx/CVE-2018-2549.json index 28b543e5254..006d79eba8d 100644 --- a/2018/2xxx/CVE-2018-2549.json +++ b/2018/2xxx/CVE-2018-2549.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2549", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2549", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2874.json b/2018/2xxx/CVE-2018-2874.json index 565fc7ae491..8135bf84f35 100644 --- a/2018/2xxx/CVE-2018-2874.json +++ b/2018/2xxx/CVE-2018-2874.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Object Library", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Object Library", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103878" - }, - { - "name" : "1040694", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040694", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040694" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "103878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103878" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6125.json b/2018/6xxx/CVE-2018-6125.json index 82e1dd1d72a..027bef810a2 100644 --- a/2018/6xxx/CVE-2018-6125.json +++ b/2018/6xxx/CVE-2018-6125.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6125", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6125", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6212.json b/2018/6xxx/CVE-2018-6212.json index c301a1b0657..8c488588264 100644 --- a/2018/6xxx/CVE-2018-6212.json +++ b/2018/6xxx/CVE-2018-6212.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the \"Search\" field and incorrect processing of the XMLHttpRequest object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/" - }, - { - "name" : "https://securelist.com/backdoors-in-d-links-backyard/85530/", - "refsource" : "MISC", - "url" : "https://securelist.com/backdoors-in-d-links-backyard/85530/" - }, - { - "name" : "https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html", - "refsource" : "MISC", - "url" : "https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html" - }, - { - "name" : "https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/", - "refsource" : "MISC", - "url" : "https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the \"Search\" field and incorrect processing of the XMLHttpRequest object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html", + "refsource": "MISC", + "url": "https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html" + }, + { + "name": "https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/", + "refsource": "MISC", + "url": "https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/" + }, + { + "name": "https://securelist.com/backdoors-in-d-links-backyard/85530/", + "refsource": "MISC", + "url": "https://securelist.com/backdoors-in-d-links-backyard/85530/" + }, + { + "name": "http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/", + "refsource": "MISC", + "url": "http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0362.json b/2019/0xxx/CVE-2019-0362.json index a82eaa65393..b711a6f0a5f 100644 --- a/2019/0xxx/CVE-2019-0362.json +++ b/2019/0xxx/CVE-2019-0362.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0362", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0362", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0759.json b/2019/0xxx/CVE-2019-0759.json index da944d1cc3c..e2bdb85c368 100644 --- a/2019/0xxx/CVE-2019-0759.json +++ b/2019/0xxx/CVE-2019-0759.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0759", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0759", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0988.json b/2019/0xxx/CVE-2019-0988.json index 5ec7adf1736..dbbc162f32a 100644 --- a/2019/0xxx/CVE-2019-0988.json +++ b/2019/0xxx/CVE-2019-0988.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0988", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0988", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1061.json b/2019/1xxx/CVE-2019-1061.json index 90884e1f62c..f1f81356f23 100644 --- a/2019/1xxx/CVE-2019-1061.json +++ b/2019/1xxx/CVE-2019-1061.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1061", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1061", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1510.json b/2019/1xxx/CVE-2019-1510.json index 606e029e938..83f10f719ff 100644 --- a/2019/1xxx/CVE-2019-1510.json +++ b/2019/1xxx/CVE-2019-1510.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1510", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1510", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1598.json b/2019/1xxx/CVE-2019-1598.json index 3622866a9cd..979af8f7248 100644 --- a/2019/1xxx/CVE-2019-1598.json +++ b/2019/1xxx/CVE-2019-1598.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", - "ID" : "CVE-2019-1598", - "STATE" : "PUBLIC", - "TITLE" : "Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firepower 4100 Series Next-Generation Firewalls", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.0.1.201" - }, - { - "affected" : "<", - "version_value" : "2.2.2.54" - }, - { - "affected" : "<", - "version_value" : "2.3.1.75" - } - ] - } - }, - { - "product_name" : "Firepower 9300 Security Appliance", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.0.1.201" - }, - { - "affected" : "<", - "version_value" : "2.2.2.54" - }, - { - "affected" : "<", - "version_value" : "2.3.1.75" - } - ] - } - }, - { - "product_name" : "MDS 9000 Series Multilayer Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "8.2(1)" - } - ] - } - }, - { - "product_name" : "Nexus 3000 Series Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I7(1)" - } - ] - } - }, - { - "product_name" : "Nexus 3500 Platform Switches ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I7(2)" - } - ] - } - }, - { - "product_name" : "Nexus 7000 and 7700 Series Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.2(20)" - }, - { - "affected" : "<", - "version_value" : "7.3(2)D1(1)" - }, - { - "affected" : "<", - "version_value" : "8.2(1)" - } - ] - } - }, - { - "product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I7(1)" - } - ] - } - }, - { - "product_name" : "UCS 6200 and 6300 Fabric Interconnect", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "3.2(2b)" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(20), 7.3(2)D1(1), and 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). UCS 6200 and 6300 Fabric Interconnect are affected in versions prior to 3.2(2b)." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "8.6", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-06T16:00:00-0800", + "ID": "CVE-2019-1598", + "STATE": "PUBLIC", + "TITLE": "Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firepower 4100 Series Next-Generation Firewalls", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.0.1.201" + }, + { + "affected": "<", + "version_value": "2.2.2.54" + }, + { + "affected": "<", + "version_value": "2.3.1.75" + } + ] + } + }, + { + "product_name": "Firepower 9300 Security Appliance", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.0.1.201" + }, + { + "affected": "<", + "version_value": "2.2.2.54" + }, + { + "affected": "<", + "version_value": "2.3.1.75" + } + ] + } + }, + { + "product_name": "MDS 9000 Series Multilayer Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "8.2(1)" + } + ] + } + }, + { + "product_name": "Nexus 3000 Series Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I7(1)" + } + ] + } + }, + { + "product_name": "Nexus 3500 Platform Switches ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I7(2)" + } + ] + } + }, + { + "product_name": "Nexus 7000 and 7700 Series Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.2(20)" + }, + { + "affected": "<", + "version_value": "7.3(2)D1(1)" + }, + { + "affected": "<", + "version_value": "8.2(1)" + } + ] + } + }, + { + "product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I7(1)" + } + ] + } + }, + { + "product_name": "UCS 6200 and 6300 Fabric Interconnect", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "3.2(2b)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190306 Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap" - }, - { - "name" : "107394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107394" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190306-nxosldap", - "defect" : [ - [ - "CSCvd40241", - "CSCvd57308", - "CSCve02855", - "CSCve02858", - "CSCve02865", - "CSCve02867", - "CSCve02871", - "CSCve57816", - "CSCve57820", - "CSCve58224" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(20), 7.3(2)D1(1), and 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). UCS 6200 and 6300 Fabric Interconnect are affected in versions prior to 3.2(2b)." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190306 Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap" + }, + { + "name": "107394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107394" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190306-nxosldap", + "defect": [ + [ + "CSCvd40241", + "CSCvd57308", + "CSCve02855", + "CSCve02858", + "CSCve02865", + "CSCve02867", + "CSCve02871", + "CSCve57816", + "CSCve57820", + "CSCve58224" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1883.json b/2019/1xxx/CVE-2019-1883.json index 56340938c11..e55fa84bf05 100644 --- a/2019/1xxx/CVE-2019-1883.json +++ b/2019/1xxx/CVE-2019-1883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1883", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1883", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5350.json b/2019/5xxx/CVE-2019-5350.json index 237ad9abaa1..2e8fdaa1679 100644 --- a/2019/5xxx/CVE-2019-5350.json +++ b/2019/5xxx/CVE-2019-5350.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5350", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5350", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5462.json b/2019/5xxx/CVE-2019-5462.json index f8f5b8d95ad..802f958f1e0 100644 --- a/2019/5xxx/CVE-2019-5462.json +++ b/2019/5xxx/CVE-2019-5462.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5462", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5462", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5574.json b/2019/5xxx/CVE-2019-5574.json index 94d811116b9..28bcefcebcc 100644 --- a/2019/5xxx/CVE-2019-5574.json +++ b/2019/5xxx/CVE-2019-5574.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5574", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5574", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5745.json b/2019/5xxx/CVE-2019-5745.json index fa3351ccd0c..987cc75dc4e 100644 --- a/2019/5xxx/CVE-2019-5745.json +++ b/2019/5xxx/CVE-2019-5745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file