From ec0e7f286f4c6e56f00db19889727973af6608cd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:31:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0811.json | 120 ++++----- 1999/0xxx/CVE-1999-0948.json | 120 ++++----- 1999/1xxx/CVE-1999-1389.json | 130 ++++----- 1999/1xxx/CVE-1999-1555.json | 140 +++++----- 2000/1xxx/CVE-2000-1175.json | 130 ++++----- 2005/2xxx/CVE-2005-2157.json | 140 +++++----- 2005/2xxx/CVE-2005-2338.json | 180 ++++++------- 2005/2xxx/CVE-2005-2397.json | 160 +++++------ 2005/2xxx/CVE-2005-2428.json | 210 +++++++-------- 2005/2xxx/CVE-2005-2463.json | 160 +++++------ 2005/2xxx/CVE-2005-2632.json | 150 +++++------ 2005/3xxx/CVE-2005-3319.json | 340 ++++++++++++------------ 2007/5xxx/CVE-2007-5005.json | 190 ++++++------- 2007/5xxx/CVE-2007-5982.json | 160 +++++------ 2009/2xxx/CVE-2009-2053.json | 170 ++++++------ 2009/2xxx/CVE-2009-2408.json | 410 ++++++++++++++--------------- 2009/2xxx/CVE-2009-2562.json | 250 +++++++++--------- 2009/2xxx/CVE-2009-2951.json | 130 ++++----- 2009/2xxx/CVE-2009-2991.json | 170 ++++++------ 2009/3xxx/CVE-2009-3179.json | 140 +++++----- 2009/3xxx/CVE-2009-3851.json | 140 +++++----- 2015/0xxx/CVE-2015-0220.json | 230 ++++++++-------- 2015/0xxx/CVE-2015-0313.json | 270 +++++++++---------- 2015/0xxx/CVE-2015-0414.json | 130 ++++----- 2015/0xxx/CVE-2015-0441.json | 220 ++++++++-------- 2015/0xxx/CVE-2015-0998.json | 140 +++++----- 2015/4xxx/CVE-2015-4075.json | 150 +++++------ 2015/4xxx/CVE-2015-4289.json | 130 ++++----- 2015/4xxx/CVE-2015-4309.json | 34 +-- 2015/4xxx/CVE-2015-4321.json | 130 ++++----- 2015/4xxx/CVE-2015-4451.json | 140 +++++----- 2015/4xxx/CVE-2015-4553.json | 34 +-- 2015/8xxx/CVE-2015-8527.json | 34 +-- 2015/8xxx/CVE-2015-8528.json | 34 +-- 2015/8xxx/CVE-2015-8870.json | 150 +++++------ 2015/8xxx/CVE-2015-8902.json | 160 +++++------ 2015/9xxx/CVE-2015-9205.json | 132 +++++----- 2016/5xxx/CVE-2016-5051.json | 120 ++++----- 2016/5xxx/CVE-2016-5066.json | 120 ++++----- 2016/5xxx/CVE-2016-5539.json | 130 ++++----- 2018/1002xxx/CVE-2018-1002008.json | 148 +++++------ 2018/2xxx/CVE-2018-2401.json | 174 ++++++------ 2018/2xxx/CVE-2018-2425.json | 190 ++++++------- 2018/2xxx/CVE-2018-2570.json | 150 +++++------ 2018/2xxx/CVE-2018-2652.json | 158 +++++------ 2018/6xxx/CVE-2018-6288.json | 132 +++++----- 2018/6xxx/CVE-2018-6300.json | 122 ++++----- 2018/6xxx/CVE-2018-6478.json | 34 +-- 2018/6xxx/CVE-2018-6887.json | 34 +-- 2018/6xxx/CVE-2018-6934.json | 120 ++++----- 2018/7xxx/CVE-2018-7485.json | 130 ++++----- 2019/1xxx/CVE-2019-1179.json | 34 +-- 2019/1xxx/CVE-2019-1734.json | 34 +-- 2019/1xxx/CVE-2019-1907.json | 34 +-- 2019/5xxx/CVE-2019-5120.json | 34 +-- 2019/5xxx/CVE-2019-5307.json | 34 +-- 2019/5xxx/CVE-2019-5362.json | 34 +-- 2019/5xxx/CVE-2019-5489.json | 180 ++++++------- 58 files changed, 4002 insertions(+), 4002 deletions(-) diff --git a/1999/0xxx/CVE-1999-0811.json b/1999/0xxx/CVE-1999-0811.json index b96d347350a..7f0e39c19b3 100644 --- a/1999/0xxx/CVE-1999-0811.json +++ b/1999/0xxx/CVE-1999-0811.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Samba smbd program via a malformed message command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Samba smbd program via a malformed message command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/536" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0948.json b/1999/0xxx/CVE-1999-0948.json index 8be3942d6ec..843ce403e15 100644 --- a/1999/0xxx/CVE-1999-0948.json +++ b/1999/0xxx/CVE-1999-0948.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in uum program for Canna input system allows local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in uum program for Canna input system allows local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/757" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1389.json b/1999/1xxx/CVE-1999-1389.json index 9754f4d93a4..667d3b93caa 100644 --- a/1999/1xxx/CVE-1999-1389.json +++ b/1999/1xxx/CVE-1999-1389.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the \"set host prompt\" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the \"host: \" prompt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980511 3Com/USR Total Control Chassis dialup port access filters", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90221101925916&w=2" - }, - { - "name" : "99", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the \"set host prompt\" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the \"host: \" prompt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99" + }, + { + "name": "19980511 3Com/USR Total Control Chassis dialup port access filters", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90221101925916&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1555.json b/1999/1xxx/CVE-1999-1555.json index 31bce64513d..fe4903b4c63 100644 --- a/1999/1xxx/CVE-1999-1555.json +++ b/1999/1xxx/CVE-1999-1555.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service Pack 2 creates an update directory with \"EVERYONE FULL CONTROL\" permissions, which allows local users to cause Inoculan's antivirus update feature to install a Trojan horse dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980611 Cheyenne Inoculan vulnerability on NT", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/9515" - }, - { - "name" : "106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106" - }, - { - "name" : "inoculan-bad-permissions(1536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service Pack 2 creates an update directory with \"EVERYONE FULL CONTROL\" permissions, which allows local users to cause Inoculan's antivirus update feature to install a Trojan horse dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980611 Cheyenne Inoculan vulnerability on NT", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/9515" + }, + { + "name": "106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106" + }, + { + "name": "inoculan-bad-permissions(1536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1536" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1175.json b/2000/1xxx/CVE-2000-1175.json index b35aed7918b..96aca35feed 100644 --- a/2000/1xxx/CVE-2000-1175.json +++ b/2000/1xxx/CVE-2000-1175.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001120 local exploit for linux's Koules1.4 package", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/145823" - }, - { - "name" : "1967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1967" + }, + { + "name": "20001120 local exploit for linux's Koules1.4 package", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/145823" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2157.json b/2005/2xxx/CVE-2005-2157.json index 5da30e5314d..3ca3a7ba789 100644 --- a/2005/2xxx/CVE-2005-2157.json +++ b/2005/2xxx/CVE-2005-2157.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2005-0954", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0954" - }, - { - "name" : "1014355", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014355" - }, - { - "name" : "15910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15910" + }, + { + "name": "ADV-2005-0954", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0954" + }, + { + "name": "1014355", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014355" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2338.json b/2005/2xxx/CVE-2005-2338.json index e88c3e90433..49bae3df813 100644 --- a/2005/2xxx/CVE-2005-2338.json +++ b/2005/2xxx/CVE-2005-2338.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use \"XOOPS Code\" and (2) newbb in the forum module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2005-2338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051025 [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113027315412024&w=2" - }, - { - "name" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html", - "refsource" : "MISC", - "url" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html" - }, - { - "name" : "JVN#77105349", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2377105349/index.html" - }, - { - "name" : "VU#683958", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/683958" - }, - { - "name" : "VU#346302", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/346302" - }, - { - "name" : "15195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15195" - }, - { - "name" : "17300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use \"XOOPS Code\" and (2) newbb in the forum module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17300" + }, + { + "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html", + "refsource": "MISC", + "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/85_e.html" + }, + { + "name": "JVN#77105349", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2377105349/index.html" + }, + { + "name": "15195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15195" + }, + { + "name": "20051025 [SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113027315412024&w=2" + }, + { + "name": "VU#346302", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/346302" + }, + { + "name": "VU#683958", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/683958" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2397.json b/2005/2xxx/CVE-2005-2397.json index f337e9613f6..af3e45023b3 100644 --- a/2005/2xxx/CVE-2005-2397.json +++ b/2005/2xxx/CVE-2005-2397.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14390" - }, - { - "name" : "18295", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18295" - }, - { - "name" : "1014573", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014573" - }, - { - "name" : "16192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16192" - }, - { - "name" : "phpbook-admin-xss(21538)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14390" + }, + { + "name": "18295", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18295" + }, + { + "name": "1014573", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014573" + }, + { + "name": "16192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16192" + }, + { + "name": "phpbook-admin-xss(21538)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21538" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2428.json b/2005/2xxx/CVE-2005-2428.json index 05778c08ace..68ec349cf16 100644 --- a/2005/2xxx/CVE-2005-2428.json +++ b/2005/2xxx/CVE-2005-2428.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lotus Domino R5 and R6 WebMail, with \"Generate HTML for all fields\" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050726 CYBSEC - Security Advisory: Default Configuration Information", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112240869130356&w=2" - }, - { - "name" : "39495", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39495/" - }, - { - "name" : "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21212934", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21212934" - }, - { - "name" : "http://www.securiteam.com/securitynews/5FP0E15GLQ.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5FP0E15GLQ.html" - }, - { - "name" : "14389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14389" - }, - { - "name" : "18462", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18462" - }, - { - "name" : "1014584", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014584" - }, - { - "name" : "16231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16231/" - }, - { - "name" : "lotus-domino-names-obtain-information(21556)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lotus Domino R5 and R6 WebMail, with \"Generate HTML for all fields\" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050726 CYBSEC - Security Advisory: Default Configuration Information", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112240869130356&w=2" + }, + { + "name": "14389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14389" + }, + { + "name": "39495", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39495/" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21212934", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21212934" + }, + { + "name": "1014584", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014584" + }, + { + "name": "18462", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18462" + }, + { + "name": "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf" + }, + { + "name": "http://www.securiteam.com/securitynews/5FP0E15GLQ.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5FP0E15GLQ.html" + }, + { + "name": "16231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16231/" + }, + { + "name": "lotus-domino-names-obtain-information(21556)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21556" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2463.json b/2005/2xxx/CVE-2005-2463.json index 26577ca8946..3c47143237f 100644 --- a/2005/2xxx/CVE-2005-2463.json +++ b/2005/2xxx/CVE-2005-2463.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050730 Kayako liveResponse Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112274359718863&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00092-07302005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00092-07302005" - }, - { - "name" : "14425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14425" - }, - { - "name" : "18399", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18399" - }, - { - "name" : "16286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14425" + }, + { + "name": "18399", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18399" + }, + { + "name": "20050730 Kayako liveResponse Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112274359718863&w=2" + }, + { + "name": "16286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16286" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00092-07302005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00092-07302005" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2632.json b/2005/2xxx/CVE-2005-2632.json index 59c6200ed52..5dd1113939a 100644 --- a/2005/2xxx/CVE-2005-2632.json +++ b/2005/2xxx/CVE-2005-2632.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050817 SQL injection in mediabox404 v1.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112431321513646&w=2" - }, - { - "name" : "14593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14593" - }, - { - "name" : "16493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16493/" - }, - { - "name" : "mediabox-sql-injection(21905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14593" + }, + { + "name": "16493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16493/" + }, + { + "name": "20050817 SQL injection in mediabox404 v1.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112431321513646&w=2" + }, + { + "name": "mediabox-sql-injection(21905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21905" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3319.json b/2005/3xxx/CVE-2005-3319.json index c1aa7a30944..a76569f040c 100644 --- a/2005/3xxx/CVE-2005-3319.json +++ b/2005/3xxx/CVE-2005-3319.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051024 php < 4.4.1 htaccess apache dos", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113019286208204&w=2" - }, - { - "name" : "20051024 php < 4.4.1 htaccess apache dos", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0491.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=107602", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=107602" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=303382", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=303382" - }, - { - "name" : "APPLE-SA-2006-03-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html" - }, - { - "name" : "GLSA-200511-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml" - }, - { - "name" : "HPSBMA02159", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "SSRT061238", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "MDKSA-2005:213", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213" - }, - { - "name" : "USN-232-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/usn-232-1/" - }, - { - "name" : "TA06-062A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" - }, - { - "name" : "15177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15177" - }, - { - "name" : "16907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16907" - }, - { - "name" : "ADV-2006-0791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0791" - }, - { - "name" : "ADV-2006-4320", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4320" - }, - { - "name" : "20491", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20491" - }, - { - "name" : "18198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18198" - }, - { - "name" : "19064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19064" - }, - { - "name" : "17510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17510" - }, - { - "name" : "17557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17557" - }, - { - "name" : "22691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22691" - }, - { - "name" : "525", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/525" - }, - { - "name" : "php-htaccess-dos(22844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051024 php < 4.4.1 htaccess apache dos", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113019286208204&w=2" + }, + { + "name": "22691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22691" + }, + { + "name": "20051024 php < 4.4.1 htaccess apache dos", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0491.html" + }, + { + "name": "MDKSA-2005:213", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213" + }, + { + "name": "18198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18198" + }, + { + "name": "SSRT061238", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "HPSBMA02159", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "525", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/525" + }, + { + "name": "19064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19064" + }, + { + "name": "php-htaccess-dos(22844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22844" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=107602", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=107602" + }, + { + "name": "20491", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20491" + }, + { + "name": "16907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16907" + }, + { + "name": "ADV-2006-0791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0791" + }, + { + "name": "ADV-2006-4320", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4320" + }, + { + "name": "APPLE-SA-2006-03-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html" + }, + { + "name": "15177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15177" + }, + { + "name": "TA06-062A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" + }, + { + "name": "17510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17510" + }, + { + "name": "17557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17557" + }, + { + "name": "GLSA-200511-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml" + }, + { + "name": "USN-232-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/usn-232-1/" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=303382", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=303382" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5005.json b/2007/5xxx/CVE-2007-5005.json index 0cada5447bf..56d32acac7d 100644 --- a/2007/5xxx/CVE-2007-5005.json +++ b/2007/5xxx/CVE-2007-5005.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops", - "refsource" : "EEYE", - "url" : "http://research.eeye.com/html/advisories/published/AD20070920.html" - }, - { - "name" : "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/480252/100/100/threaded" - }, - { - "name" : "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp" - }, - { - "name" : "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006", - "refsource" : "CONFIRM", - "url" : "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006" - }, - { - "name" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676", - "refsource" : "CONFIRM", - "url" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676" - }, - { - "name" : "24348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24348" - }, - { - "name" : "1018728", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018728" - }, - { - "name" : "25606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24348" + }, + { + "name": "25606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25606" + }, + { + "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006", + "refsource": "CONFIRM", + "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006" + }, + { + "name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676", + "refsource": "CONFIRM", + "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676" + }, + { + "name": "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded" + }, + { + "name": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp" + }, + { + "name": "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops", + "refsource": "EEYE", + "url": "http://research.eeye.com/html/advisories/published/AD20070920.html" + }, + { + "name": "1018728", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018728" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5982.json b/2007/5xxx/CVE-2007-5982.json index c3f0fe3d749..6be621da611 100644 --- a/2007/5xxx/CVE-2007-5982.json +++ b/2007/5xxx/CVE-2007-5982.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0711-exploits/x7-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0711-exploits/x7-xss.txt" - }, - { - "name" : "26417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26417" - }, - { - "name" : "38745", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38745" - }, - { - "name" : "38746", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38746" - }, - { - "name" : "27677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38745", + "refsource": "OSVDB", + "url": "http://osvdb.org/38745" + }, + { + "name": "38746", + "refsource": "OSVDB", + "url": "http://osvdb.org/38746" + }, + { + "name": "27677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27677" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0711-exploits/x7-xss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0711-exploits/x7-xss.txt" + }, + { + "name": "26417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26417" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2053.json b/2009/2xxx/CVE-2009-2053.json index 82f642e53a8..b1c8fcaa9ea 100644 --- a/2009/2xxx/CVE-2009-2053.json +++ b/2009/2xxx/CVE-2009-2053.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-2053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml" - }, - { - "name" : "36152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36152" - }, - { - "name" : "57455", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57455" - }, - { - "name" : "1022775", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022775" - }, - { - "name" : "36498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36498" - }, - { - "name" : "36499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36499" + }, + { + "name": "36152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36152" + }, + { + "name": "36498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36498" + }, + { + "name": "57455", + "refsource": "OSVDB", + "url": "http://osvdb.org/57455" + }, + { + "name": "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml" + }, + { + "name": "1022775", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022775" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2408.json b/2009/2xxx/CVE-2009-2408.json index 540c56f83fc..8f6b5383236 100644 --- a/2009/2xxx/CVE-2009-2408.json +++ b/2009/2xxx/CVE-2009-2408.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090903 More CVE-2009-2408 like issues", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125198917018936&w=2" - }, - { - "name" : "http://www.wired.com/threatlevel/2009/07/kaminsky/", - "refsource" : "MISC", - "url" : "http://www.wired.com/threatlevel/2009/07/kaminsky/" - }, - { - "name" : "http://isc.sans.org/diary.html?storyid=7003", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=7003" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=510251", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=510251" - }, - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html" - }, - { - "name" : "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h" - }, - { - "name" : "DSA-1874", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1874" - }, - { - "name" : "MDVSA-2009:197", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" - }, - { - "name" : "MDVSA-2009:216", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" - }, - { - "name" : "MDVSA-2009:217", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:217" - }, - { - "name" : "RHSA-2009:1207", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1207.html" - }, - { - "name" : "RHSA-2009:1432", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1432.html" - }, - { - "name" : "1021030", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1" - }, - { - "name" : "SUSE-SR:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" - }, - { - "name" : "SUSE-SA:2009:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" - }, - { - "name" : "USN-810-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-810-1" - }, - { - "name" : "USN-810-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/810-2/" - }, - { - "name" : "56723", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56723" - }, - { - "name" : "oval:org.mitre.oval:def:10751", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751" - }, - { - "name" : "oval:org.mitre.oval:def:8458", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458" - }, - { - "name" : "1022632", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022632" - }, - { - "name" : "36088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36088" - }, - { - "name" : "36125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36125" - }, - { - "name" : "36139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36139" - }, - { - "name" : "36157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36157" - }, - { - "name" : "36434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36434" - }, - { - "name" : "37098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37098" - }, - { - "name" : "36669", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36669" - }, - { - "name" : "ADV-2009-2085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2085" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36139" + }, + { + "name": "36157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36157" + }, + { + "name": "1022632", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022632" + }, + { + "name": "MDVSA-2009:197", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197" + }, + { + "name": "SUSE-SA:2009:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" + }, + { + "name": "MDVSA-2009:216", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216" + }, + { + "name": "SUSE-SR:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" + }, + { + "name": "36434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36434" + }, + { + "name": "36088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36088" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=7003", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=7003" + }, + { + "name": "RHSA-2009:1207", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html" + }, + { + "name": "http://www.wired.com/threatlevel/2009/07/kaminsky/", + "refsource": "MISC", + "url": "http://www.wired.com/threatlevel/2009/07/kaminsky/" + }, + { + "name": "36669", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36669" + }, + { + "name": "56723", + "refsource": "OSVDB", + "url": "http://osvdb.org/56723" + }, + { + "name": "RHSA-2009:1432", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html" + }, + { + "name": "USN-810-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-810-1" + }, + { + "name": "oval:org.mitre.oval:def:10751", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751" + }, + { + "name": "USN-810-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/810-2/" + }, + { + "name": "oval:org.mitre.oval:def:8458", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458" + }, + { + "name": "1021030", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1" + }, + { + "name": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "36125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36125" + }, + { + "name": "37098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37098" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=510251", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251" + }, + { + "name": "ADV-2009-2085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2085" + }, + { + "name": "DSA-1874", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1874" + }, + { + "name": "MDVSA-2009:217", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:217" + }, + { + "name": "[oss-security] 20090903 More CVE-2009-2408 like issues", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125198917018936&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2562.json b/2009/2xxx/CVE-2009-2562.json index 1720c945dcd..c1f563d9d9e 100644 --- a/2009/2xxx/CVE-2009-2562.json +++ b/2009/2xxx/CVE-2009-2562.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090917 Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/17/15" - }, - { - "name" : "[oss-security] 20090917 Re: Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/18/2" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3564", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3564" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-04.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-05.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html" - }, - { - "name" : "DSA-1942", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1942" - }, - { - "name" : "MDVSA-2009:194", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:194" - }, - { - "name" : "35748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35748" - }, - { - "name" : "oval:org.mitre.oval:def:11643", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11643" - }, - { - "name" : "oval:org.mitre.oval:def:5625", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5625" - }, - { - "name" : "35884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35884" - }, - { - "name" : "37477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37477" - }, - { - "name" : "ADV-2009-1970", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:194", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:194" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-04.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-04.html" + }, + { + "name": "37477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37477" + }, + { + "name": "ADV-2009-1970", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1970" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-05.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-05.html" + }, + { + "name": "oval:org.mitre.oval:def:11643", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11643" + }, + { + "name": "35748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35748" + }, + { + "name": "35884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35884" + }, + { + "name": "[oss-security] 20090917 Re: Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/18/2" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3564", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3564" + }, + { + "name": "oval:org.mitre.oval:def:5625", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5625" + }, + { + "name": "DSA-1942", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1942" + }, + { + "name": "[oss-security] 20090917 Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/17/15" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2951.json b/2009/2xxx/CVE-2009-2951.json index 493637f818d..e15f39ba9fb 100644 --- a/2009/2xxx/CVE-2009-2951.json +++ b/2009/2xxx/CVE-2009-2951.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phenotype-cms.com/wiki/development-changelog", - "refsource" : "CONFIRM", - "url" : "http://www.phenotype-cms.com/wiki/development-changelog" - }, - { - "name" : "phenotype-salt-value-info-disclosure(52856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phenotype-cms.com/wiki/development-changelog", + "refsource": "CONFIRM", + "url": "http://www.phenotype-cms.com/wiki/development-changelog" + }, + { + "name": "phenotype-salt-value-info-disclosure(52856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52856" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2991.json b/2009/2xxx/CVE-2009-2991.json index edc88c43bb7..3ac3faa15d6 100644 --- a/2009/2xxx/CVE-2009-2991.json +++ b/2009/2xxx/CVE-2009-2991.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html" - }, - { - "name" : "TA09-286B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286B.html" - }, - { - "name" : "36638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36638" - }, - { - "name" : "oval:org.mitre.oval:def:5557", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5557" - }, - { - "name" : "1023007", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023007" - }, - { - "name" : "ADV-2009-2898", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36638" + }, + { + "name": "TA09-286B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html" + }, + { + "name": "oval:org.mitre.oval:def:5557", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5557" + }, + { + "name": "1023007", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023007" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html" + }, + { + "name": "ADV-2009-2898", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2898" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3179.json b/2009/3xxx/CVE-2009-3179.json index ba26b14938e..4386529547e 100644 --- a/2009/3xxx/CVE-2009-3179.json +++ b/2009/3xxx/CVE-2009-3179.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) \"Symantec Altiris Deployment Solution 6.9 exploit, (2) \"Symantec Altiris Deployment Solution 6.9 exploit (II),\" and (3) \"Symantec Altiris Deployment Solution 6.9 exploit (III).\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36247" - }, - { - "name" : "36587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) \"Symantec Altiris Deployment Solution 6.9 exploit, (2) \"Symantec Altiris Deployment Solution 6.9 exploit (II),\" and (3) \"Symantec Altiris Deployment Solution 6.9 exploit (III).\" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36587" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + }, + { + "name": "36247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36247" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3851.json b/2009/3xxx/CVE-2009-3851.json index 913833d77c3..226c7fc5dc0 100644 --- a/2009/3xxx/CVE-2009-3851.json +++ b/2009/3xxx/CVE-2009-3851.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the \"restart daemon.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-28-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-28-1" - }, - { - "name" : "270809", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270809-1" - }, - { - "name" : "oval:org.mitre.oval:def:6845", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the \"restart daemon.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6845", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6845" + }, + { + "name": "270809", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270809-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-28-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-28-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0220.json b/2015/0xxx/CVE-2015-0220.json index c71b195ee03..2d628b9d2ea 100644 --- a/2015/0xxx/CVE-2015-0220.json +++ b/2015/0xxx/CVE-2015-0220.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a \"\\njavascript:\" URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2015/jan/13/security/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2015/jan/13/security/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0026.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0026.html" - }, - { - "name" : "FEDORA-2015-0714", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html" - }, - { - "name" : "FEDORA-2015-0804", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html" - }, - { - "name" : "MDVSA-2015:036", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:036" - }, - { - "name" : "MDVSA-2015:109", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:109" - }, - { - "name" : "openSUSE-SU-2015:0643", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html" - }, - { - "name" : "openSUSE-SU-2015:1598", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html" - }, - { - "name" : "USN-2469-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2469-1" - }, - { - "name" : "62285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62285" - }, - { - "name" : "62309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62309" - }, - { - "name" : "62718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a \"\\njavascript:\" URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62718" + }, + { + "name": "FEDORA-2015-0804", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html" + }, + { + "name": "USN-2469-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2469-1" + }, + { + "name": "MDVSA-2015:036", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:036" + }, + { + "name": "62285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62285" + }, + { + "name": "openSUSE-SU-2015:1598", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html" + }, + { + "name": "https://www.djangoproject.com/weblog/2015/jan/13/security/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2015/jan/13/security/" + }, + { + "name": "openSUSE-SU-2015:0643", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html" + }, + { + "name": "62309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62309" + }, + { + "name": "MDVSA-2015:109", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:109" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0026.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0026.html" + }, + { + "name": "FEDORA-2015-0714", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0313.json b/2015/0xxx/CVE-2015-0313.json index 1ce5a09dcb6..ae3d2f5f014 100644 --- a/2015/0xxx/CVE-2015-0313.json +++ b/2015/0xxx/CVE-2015-0313.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36579", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36579/" - }, - { - "name" : "http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsa15-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsa15-02.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" - }, - { - "name" : "https://technet.microsoft.com/library/security/2755801", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/2755801" - }, - { - "name" : "SUSE-SU-2015:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:0239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:0237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" - }, - { - "name" : "72429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72429" - }, - { - "name" : "117853", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/117853" - }, - { - "name" : "1031686", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031686" - }, - { - "name" : "62528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62528" - }, - { - "name" : "62777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62777" - }, - { - "name" : "62895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62895" - }, - { - "name" : "adobe-flash-cve20150313-code-exec(100641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031686", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031686" + }, + { + "name": "openSUSE-SU-2015:0238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" + }, + { + "name": "62895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62895" + }, + { + "name": "http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html" + }, + { + "name": "https://technet.microsoft.com/library/security/2755801", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/2755801" + }, + { + "name": "117853", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/117853" + }, + { + "name": "62777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62777" + }, + { + "name": "adobe-flash-cve20150313-code-exec(100641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100641" + }, + { + "name": "62528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62528" + }, + { + "name": "openSUSE-SU-2015:0237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" + }, + { + "name": "SUSE-SU-2015:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" + }, + { + "name": "72429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72429" + }, + { + "name": "36579", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36579/" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsa15-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsa15-02.html" + }, + { + "name": "SUSE-SU-2015:0239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0414.json b/2015/0xxx/CVE-2015-0414.json index e760bc63941..5e776e408fd 100644 --- a/2015/0xxx/CVE-2015-0414.json +++ b/2015/0xxx/CVE-2015-0414.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Fabric Layer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Fabric Layer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72220" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0441.json b/2015/0xxx/CVE-2015-0441.json index 419885543fb..1ae9f0f5cdd 100644 --- a/2015/0xxx/CVE-2015-0441.json +++ b/2015/0xxx/CVE-2015-0441.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "DSA-3229", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3229" - }, - { - "name" : "DSA-3311", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3311" - }, - { - "name" : "GLSA-201507-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-19" - }, - { - "name" : "RHSA-2015:1629", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1629.html" - }, - { - "name" : "RHSA-2015:1628", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1628.html" - }, - { - "name" : "RHSA-2015:1647", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1647.html" - }, - { - "name" : "RHSA-2015:1665", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1665.html" - }, - { - "name" : "SUSE-SU-2015:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" - }, - { - "name" : "USN-2575-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2575-1" - }, - { - "name" : "1032121", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201507-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-19" + }, + { + "name": "DSA-3229", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3229" + }, + { + "name": "1032121", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032121" + }, + { + "name": "DSA-3311", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3311" + }, + { + "name": "RHSA-2015:1647", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "RHSA-2015:1628", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html" + }, + { + "name": "SUSE-SU-2015:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" + }, + { + "name": "USN-2575-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2575-1" + }, + { + "name": "RHSA-2015:1629", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1629.html" + }, + { + "name": "RHSA-2015:1665", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0998.json b/2015/0xxx/CVE-2015-0998.json index 9de9e201647..378b066e7aa 100644 --- a/2015/0xxx/CVE-2015-0998.json +++ b/2015/0xxx/CVE-2015-0998.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-0998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01" + }, + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4075.json b/2015/4xxx/CVE-2015-4075.json index 70bb5316252..66340907569 100644 --- a/2015/4xxx/CVE-2015-4075.json +++ b/2015/4xxx/CVE-2015-4075.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37666", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37666/" - }, - { - "name" : "20151231 Joomla! plugin Helpdesk Pro < 1.4.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/102" - }, - { - "name" : "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html" - }, - { - "name" : "75971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37666", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37666/" + }, + { + "name": "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html" + }, + { + "name": "75971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75971" + }, + { + "name": "20151231 Joomla! plugin Helpdesk Pro < 1.4.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/102" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4289.json b/2015/4xxx/CVE-2015-4289.json index ff1f4342a8b..372ed56f8a8 100644 --- a/2015/4xxx/CVE-2015-4289.json +++ b/2015/4xxx/CVE-2015-4289.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150730 Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40175" - }, - { - "name" : "1033173", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150730 Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40175" + }, + { + "name": "1033173", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033173" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4309.json b/2015/4xxx/CVE-2015-4309.json index d34071d0401..3d2a4f909de 100644 --- a/2015/4xxx/CVE-2015-4309.json +++ b/2015/4xxx/CVE-2015-4309.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4309", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4309", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4321.json b/2015/4xxx/CVE-2015-4321.json index 36865b03846..7da9eb2a755 100644 --- a/2015/4xxx/CVE-2015-4321.json +++ b/2015/4xxx/CVE-2015-4321.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150812 Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40440" - }, - { - "name" : "1033265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033265" + }, + { + "name": "20150812 Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40440" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4451.json b/2015/4xxx/CVE-2015-4451.json index 375662d6bdc..2136c4a47e0 100644 --- a/2015/4xxx/CVE-2015-4451.json +++ b/2015/4xxx/CVE-2015-4451.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-4451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75737" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75737" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4553.json b/2015/4xxx/CVE-2015-4553.json index f5e79b340b9..30dbf658485 100644 --- a/2015/4xxx/CVE-2015-4553.json +++ b/2015/4xxx/CVE-2015-4553.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4553", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4553", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8527.json b/2015/8xxx/CVE-2015-8527.json index 445caaf1158..5162784ca97 100644 --- a/2015/8xxx/CVE-2015-8527.json +++ b/2015/8xxx/CVE-2015-8527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8527", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8527", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8528.json b/2015/8xxx/CVE-2015-8528.json index cee56c7dcc7..09e5c54c83a 100644 --- a/2015/8xxx/CVE-2015-8528.json +++ b/2015/8xxx/CVE-2015-8528.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8528", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8528", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8870.json b/2015/8xxx/CVE-2015-8870.json index 8f37c225e0e..d54a39eac1a 100644 --- a/2015/8xxx/CVE-2015-8870.json +++ b/2015/8xxx/CVE-2015-8870.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.floyd.ch/?p=874BMP", - "refsource" : "MISC", - "url" : "http://www.floyd.ch/?p=874BMP" - }, - { - "name" : "http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz" - }, - { - "name" : "RHSA-2017:0225", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0225.html" - }, - { - "name" : "94717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94717" + }, + { + "name": "http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz", + "refsource": "CONFIRM", + "url": "http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz" + }, + { + "name": "http://www.floyd.ch/?p=874BMP", + "refsource": "MISC", + "url": "http://www.floyd.ch/?p=874BMP" + }, + { + "name": "RHSA-2017:0225", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8902.json b/2015/8xxx/CVE-2015-8902.json index fb2e7199763..888d8acb28e 100644 --- a/2015/8xxx/CVE-2015-8902.json +++ b/2015/8xxx/CVE-2015-8902.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150226 Requesting CVE for ImageMagick DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/26/13" - }, - { - "name" : "[oss-security] 20160606 Re: Requesting CVE for ImageMagick DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/06/2" - }, - { - "name" : "http://trac.imagemagick.org/changeset/17855", - "refsource" : "CONFIRM", - "url" : "http://trac.imagemagick.org/changeset/17855" - }, - { - "name" : "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932", - "refsource" : "CONFIRM", - "url" : "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1195269", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1195269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150226 Requesting CVE for ImageMagick DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/26/13" + }, + { + "name": "[oss-security] 20160606 Re: Requesting CVE for ImageMagick DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/06/2" + }, + { + "name": "http://trac.imagemagick.org/changeset/17855", + "refsource": "CONFIRM", + "url": "http://trac.imagemagick.org/changeset/17855" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1195269", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195269" + }, + { + "name": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932", + "refsource": "CONFIRM", + "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9205.json b/2015/9xxx/CVE-2015-9205.json index bc173f24305..4bb0fb9ddce 100644 --- a/2015/9xxx/CVE-2015-9205.json +++ b/2015/9xxx/CVE-2015-9205.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, SD 810" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, in a PlayReady API function, a buffer over-read can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, SD 810" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, in a PlayReady API function, a buffer over-read can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5051.json b/2016/5xxx/CVE-2016-5051.json index 720b3b636d1..95898ea7838 100644 --- a/2016/5xxx/CVE-2016-5051.json +++ b/2016/5xxx/CVE-2016-5051.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-5051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26", - "version" : { - "version_data" : [ - { - "version_value" : "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cleartext WPA2 PSK" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26", + "version": { + "version_data": [ + { + "version_value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext WPA2 PSK" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5066.json b/2016/5xxx/CVE-2016-5066.json index 1f5de3375f6..b74e7d7d4a7 100644 --- a/2016/5xxx/CVE-2016-5066.json +++ b/2016/5xxx/CVE-2016-5066.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-5066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2", - "version" : { - "version_data" : [ - { - "version_value" : "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "weak passwords" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2", + "version": { + "version_data": [ + { + "version_value": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://carvesystems.com/sierra-wireless-2016-advisory.html", - "refsource" : "MISC", - "url" : "https://carvesystems.com/sierra-wireless-2016-advisory.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "weak passwords" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://carvesystems.com/sierra-wireless-2016-advisory.html", + "refsource": "MISC", + "url": "https://carvesystems.com/sierra-wireless-2016-advisory.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5539.json b/2016/5xxx/CVE-2016-5539.json index 09167a28b15..cf45e5f6c4d 100644 --- a/2016/5xxx/CVE-2016-5539.json +++ b/2016/5xxx/CVE-2016-5539.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "93663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "93663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93663" + } + ] + } +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002008.json b/2018/1002xxx/CVE-2018-1002008.json index 53dd6fe59f2..0babccc8d08 100644 --- a/2018/1002xxx/CVE-2018-1002008.json +++ b/2018/1002xxx/CVE-2018-1002008.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "DATE_ASSIGNED" : "2018-08-22", - "ID" : "CVE-2018-1002008", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Arigato Autoresponder and Newsletter", - "version" : { - "version_data" : [ - { - "version_affected" : "<=", - "version_value" : "2.5.1.8" - } - ] - } - } - ] - }, - "vendor_name" : "Kiboko Labs https://calendarscripts.info/" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2018-08-22", + "ID": "CVE-2018-1002008", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Arigato Autoresponder and Newsletter", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.5.1.8" + } + ] + } + } + ] + }, + "vendor_name": "Kiboko Labs https://calendarscripts.info/" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45434", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45434/" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=203", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=203" - }, - { - "name" : "https://wordpress.org/plugins/bft-autoresponder/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/bft-autoresponder/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45434", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45434/" + }, + { + "name": "https://wordpress.org/plugins/bft-autoresponder/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/bft-autoresponder/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=203", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=203" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2401.json b/2018/2xxx/CVE-2018-2401.json index 8dd1c7a4d94..a4381e40047 100644 --- a/2018/2xxx/CVE-2018-2401.json +++ b/2018/2xxx/CVE-2018-2401.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Business Process Automation (BPA) By Redwood", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.00" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Business Process Automation (BPA) By Redwood", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.00" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2596766", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2596766" - }, - { - "name" : "103374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML External Entity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2596766", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2596766" + }, + { + "name": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/" + }, + { + "name": "103374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103374" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2425.json b/2018/2xxx/CVE-2018-2425.json index d8df48412b2..b69feda6986 100644 --- a/2018/2xxx/CVE-2018-2425.json +++ b/2018/2xxx/CVE-2018-2425.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2425", - "STATE" : "PUBLIC", - "vendor_name" : "SAP SE" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Business One", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - }, - { - "version_affected" : "=", - "version_value" : "9.3" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 8.4, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2425", + "STATE": "PUBLIC", + "vendor_name": "SAP SE" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Business One", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + }, + { + "version_affected": "=", + "version_value": "9.3" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2588475", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2588475" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255", - "refsource" : "CONFIRM", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255" - }, - { - "name" : "104438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104438" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104438" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2588475", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2588475" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255", + "refsource": "CONFIRM", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2570.json b/2018/2xxx/CVE-2018-2570.json index b004a6282ef..3c55e2a0f64 100644 --- a/2018/2xxx/CVE-2018-2570.json +++ b/2018/2xxx/CVE-2018-2570.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Communications Unified Inventory Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "7.2.4.2.x" - }, - { - "version_affected" : "=", - "version_value" : "7.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Communications Unified Inventory Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.2.4.2.x" + }, + { + "version_affected": "=", + "version_value": "7.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102665" - }, - { - "name" : "1040200", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102665" + }, + { + "name": "1040200", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040200" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2652.json b/2018/2xxx/CVE-2018-2652.json index bb0062e89db..02eaa15078f 100644 --- a/2018/2xxx/CVE-2018-2652.json +++ b/2018/2xxx/CVE-2018-2652.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102586" - }, - { - "name" : "1040204", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102586" + }, + { + "name": "1040204", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040204" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6288.json b/2018/6xxx/CVE-2018-6288.json index a78e3915a6c..b3bce01e7c8 100644 --- a/2018/6xxx/CVE-2018-6288.json +++ b/2018/6xxx/CVE-2018-6288.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2018-02-01T00:00:00", - "ID" : "CVE-2018-6288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kaspersky Secure Mail Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Labs" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Request Forgery leading to Administrative account takeover" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2018-02-01T00:00:00", + "ID": "CVE-2018-6288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kaspersky Secure Mail Gateway", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Labs" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities" - }, - { - "name" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#010218", - "refsource" : "CONFIRM", - "url" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#010218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Request Forgery leading to Administrative account takeover" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#010218", + "refsource": "CONFIRM", + "url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#010218" + }, + { + "name": "https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6300.json b/2018/6xxx/CVE-2018-6300.json index 5c27b321e99..926eb72bf1e 100644 --- a/2018/6xxx/CVE-2018-6300.json +++ b/2018/6xxx/CVE-2018-6300.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2018-03-12T00:00:00", - "ID" : "CVE-2018-6300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hanwha Techwin Smartcams", - "version" : { - "version_data" : [ - { - "version_value" : "7.55" - } - ] - } - } - ] - }, - "vendor_name" : "Hanwha Techwin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote password change in Hanwha Techwin Smartcams" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote password change" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2018-03-12T00:00:00", + "ID": "CVE-2018-6300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hanwha Techwin Smartcams", + "version": { + "version_data": [ + { + "version_value": "7.55" + } + ] + } + } + ] + }, + "vendor_name": "Hanwha Techwin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/", - "refsource" : "MISC", - "url" : "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote password change in Hanwha Techwin Smartcams" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote password change" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/", + "refsource": "MISC", + "url": "https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6478.json b/2018/6xxx/CVE-2018-6478.json index f74566d69e1..2bb4a464d0e 100644 --- a/2018/6xxx/CVE-2018-6478.json +++ b/2018/6xxx/CVE-2018-6478.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6478", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6478", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6887.json b/2018/6xxx/CVE-2018-6887.json index d3eb0336f5f..cdf9b064cf2 100644 --- a/2018/6xxx/CVE-2018-6887.json +++ b/2018/6xxx/CVE-2018-6887.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6887", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6887", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6934.json b/2018/6xxx/CVE-2018-6934.json index 88e4b2bf1da..e92bb7a680b 100644 --- a/2018/6xxx/CVE-2018-6934.json +++ b/2018/6xxx/CVE-2018-6934.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0day4u.wordpress.com/2018/03/12/97/", - "refsource" : "MISC", - "url" : "https://0day4u.wordpress.com/2018/03/12/97/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0day4u.wordpress.com/2018/03/12/97/", + "refsource": "MISC", + "url": "https://0day4u.wordpress.com/2018/03/12/97/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7485.json b/2018/7xxx/CVE-2018-7485.json index 5f0c3408050..bdcb0761f15 100644 --- a/2018/7xxx/CVE-2018-7485.json +++ b/2018/7xxx/CVE-2018-7485.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24", - "refsource" : "MISC", - "url" : "https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24" - }, - { - "name" : "103193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24", + "refsource": "MISC", + "url": "https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24" + }, + { + "name": "103193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103193" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1179.json b/2019/1xxx/CVE-2019-1179.json index 3d5e3dedb24..a0df2b9cc52 100644 --- a/2019/1xxx/CVE-2019-1179.json +++ b/2019/1xxx/CVE-2019-1179.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1179", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1179", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1734.json b/2019/1xxx/CVE-2019-1734.json index a34fde45884..be48449e26f 100644 --- a/2019/1xxx/CVE-2019-1734.json +++ b/2019/1xxx/CVE-2019-1734.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1734", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1734", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1907.json b/2019/1xxx/CVE-2019-1907.json index 94fa58eddc9..f0db7a59ef7 100644 --- a/2019/1xxx/CVE-2019-1907.json +++ b/2019/1xxx/CVE-2019-1907.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1907", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1907", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5120.json b/2019/5xxx/CVE-2019-5120.json index 10f5f345c6b..5467ecda0aa 100644 --- a/2019/5xxx/CVE-2019-5120.json +++ b/2019/5xxx/CVE-2019-5120.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5120", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5120", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5307.json b/2019/5xxx/CVE-2019-5307.json index 8d9eaae2cdb..1d3485c24fd 100644 --- a/2019/5xxx/CVE-2019-5307.json +++ b/2019/5xxx/CVE-2019-5307.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5307", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5307", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5362.json b/2019/5xxx/CVE-2019-5362.json index a6ba79eebdd..6cbbe3e5f65 100644 --- a/2019/5xxx/CVE-2019-5362.json +++ b/2019/5xxx/CVE-2019-5362.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5362", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5362", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5489.json b/2019/5xxx/CVE-2019-5489.json index a87b76cb505..d9dae860b12 100644 --- a/2019/5xxx/CVE-2019-5489.json +++ b/2019/5xxx/CVE-2019-5489.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e" - }, - { - "name" : "https://arxiv.org/abs/1901.01161", - "refsource" : "MISC", - "url" : "https://arxiv.org/abs/1901.01161" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1120843", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1120843" - }, - { - "name" : "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e" - }, - { - "name" : "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/", - "refsource" : "MISC", - "url" : "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190307-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190307-0001/" - }, - { - "name" : "106478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/", + "refsource": "MISC", + "url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1120843", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843" + }, + { + "name": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e" + }, + { + "name": "https://arxiv.org/abs/1901.01161", + "refsource": "MISC", + "url": "https://arxiv.org/abs/1901.01161" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190307-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190307-0001/" + }, + { + "name": "106478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106478" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e" + } + ] + } +} \ No newline at end of file