From f1308491662985532ae3c2a1a2b06eaba222ea66 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:51:21 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0308.json | 160 ++++++------- 2005/0xxx/CVE-2005-0335.json | 160 ++++++------- 2005/2xxx/CVE-2005-2225.json | 140 +++++------ 2005/2xxx/CVE-2005-2357.json | 160 ++++++------- 2005/3xxx/CVE-2005-3041.json | 140 +++++------ 2005/3xxx/CVE-2005-3350.json | 400 +++++++++++++++---------------- 2005/3xxx/CVE-2005-3482.json | 180 +++++++------- 2005/3xxx/CVE-2005-3568.json | 160 ++++++------- 2005/3xxx/CVE-2005-3615.json | 34 +-- 2005/4xxx/CVE-2005-4200.json | 150 ++++++------ 2005/4xxx/CVE-2005-4621.json | 150 ++++++------ 2005/4xxx/CVE-2005-4858.json | 130 +++++------ 2009/0xxx/CVE-2009-0067.json | 34 +-- 2009/2xxx/CVE-2009-2111.json | 150 ++++++------ 2009/2xxx/CVE-2009-2183.json | 130 +++++------ 2009/2xxx/CVE-2009-2719.json | 180 +++++++------- 2009/3xxx/CVE-2009-3110.json | 150 ++++++------ 2009/3xxx/CVE-2009-3122.json | 170 +++++++------- 2009/3xxx/CVE-2009-3253.json | 130 +++++------ 2009/3xxx/CVE-2009-3954.json | 230 +++++++++--------- 2009/4xxx/CVE-2009-4106.json | 140 +++++------ 2009/4xxx/CVE-2009-4127.json | 150 ++++++------ 2009/4xxx/CVE-2009-4233.json | 140 +++++------ 2009/4xxx/CVE-2009-4620.json | 170 +++++++------- 2015/0xxx/CVE-2015-0146.json | 120 +++++----- 2015/0xxx/CVE-2015-0369.json | 150 ++++++------ 2015/0xxx/CVE-2015-0497.json | 130 +++++------ 2015/1xxx/CVE-2015-1249.json | 440 +++++++++++++++++------------------ 2015/1xxx/CVE-2015-1503.json | 140 +++++------ 2015/1xxx/CVE-2015-1594.json | 130 +++++------ 2015/4xxx/CVE-2015-4013.json | 34 +-- 2015/4xxx/CVE-2015-4638.json | 130 +++++------ 2015/5xxx/CVE-2015-5386.json | 130 +++++------ 2015/5xxx/CVE-2015-5636.json | 140 +++++------ 2015/5xxx/CVE-2015-5643.json | 140 +++++------ 2015/5xxx/CVE-2015-5864.json | 140 +++++------ 2015/5xxx/CVE-2015-5866.json | 150 ++++++------ 2018/3xxx/CVE-2018-3037.json | 158 ++++++------- 2018/3xxx/CVE-2018-3038.json | 174 +++++++------- 2018/3xxx/CVE-2018-3230.json | 140 +++++------ 2018/3xxx/CVE-2018-3479.json | 34 +-- 2018/3xxx/CVE-2018-3606.json | 290 +++++++++++------------ 2018/3xxx/CVE-2018-3710.json | 172 +++++++------- 2018/6xxx/CVE-2018-6659.json | 218 ++++++++--------- 2018/6xxx/CVE-2018-6668.json | 190 +++++++-------- 2018/6xxx/CVE-2018-6777.json | 120 +++++----- 2018/7xxx/CVE-2018-7099.json | 130 +++++------ 2018/7xxx/CVE-2018-7318.json | 120 +++++----- 2018/7xxx/CVE-2018-7574.json | 34 +-- 2018/7xxx/CVE-2018-7608.json | 34 +-- 2018/7xxx/CVE-2018-7886.json | 130 +++++------ 2018/8xxx/CVE-2018-8316.json | 262 ++++++++++----------- 2018/8xxx/CVE-2018-8626.json | 276 +++++++++++----------- 53 files changed, 4097 insertions(+), 4097 deletions(-) diff --git a/2005/0xxx/CVE-2005-0308.json b/2005/0xxx/CVE-2005-0308.json index 8f9000b0d63..818702e8b08 100644 --- a/2005/0xxx/CVE-2005-0308.json +++ b/2005/0xxx/CVE-2005-0308.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050124 Local buffer-overflow in W32Dasm 8.93", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110661194108205&w=2" - }, - { - "name" : "12352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12352" - }, - { - "name" : "1012997", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012997" - }, - { - "name" : "13986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13986" - }, - { - "name" : "w32dasm-wsprintf-bo(19044)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12352" + }, + { + "name": "20050124 Local buffer-overflow in W32Dasm 8.93", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110661194108205&w=2" + }, + { + "name": "13986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13986" + }, + { + "name": "1012997", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012997" + }, + { + "name": "w32dasm-wsprintf-bo(19044)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19044" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0335.json b/2005/0xxx/CVE-2005-0335.json index 3f7c5eaf82a..9b232156424 100644 --- a/2005/0xxx/CVE-2005-0335.json +++ b/2005/0xxx/CVE-2005-0335.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050110 Portcullis Security Advisory 05-010", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110547214224714&w=2" - }, - { - "name" : "12236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12236" - }, - { - "name" : "1012838", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012838" - }, - { - "name" : "13820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13820" - }, - { - "name" : "mediapartner-dotdot-directory-traversal(18842)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12236" + }, + { + "name": "1012838", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012838" + }, + { + "name": "13820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13820" + }, + { + "name": "mediapartner-dotdot-directory-traversal(18842)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18842" + }, + { + "name": "20050110 Portcullis Security Advisory 05-010", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110547214224714&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2225.json b/2005/2xxx/CVE-2005-2225.json index ba1d5d1e704..84757576dbc 100644 --- a/2005/2xxx/CVE-2005-2225.json +++ b/2005/2xxx/CVE-2005-2225.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the \".pif\" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitalparadox.org/viewadvisories.ah?view=45", - "refsource" : "MISC", - "url" : "http://www.digitalparadox.org/viewadvisories.ah?view=45" - }, - { - "name" : "http://www.messenger-blog.com/?p=146", - "refsource" : "MISC", - "url" : "http://www.messenger-blog.com/?p=146" - }, - { - "name" : "1014444", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the \".pif\" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.digitalparadox.org/viewadvisories.ah?view=45", + "refsource": "MISC", + "url": "http://www.digitalparadox.org/viewadvisories.ah?view=45" + }, + { + "name": "http://www.messenger-blog.com/?p=146", + "refsource": "MISC", + "url": "http://www.messenger-blog.com/?p=146" + }, + { + "name": "1014444", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014444" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2357.json b/2005/2xxx/CVE-2005-2357.json index edf3ac5ab33..8442ca6bf48 100644 --- a/2005/2xxx/CVE-2005-2357.json +++ b/2005/2xxx/CVE-2005-2357.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050805 EMC Navisphere Manager Directory Traversal Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=288&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "14487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14487" - }, - { - "name" : "1014629", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014629" - }, - { - "name" : "16344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16344" - }, - { - "name" : "emcnavispheremanager-directory-traversal(21726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14487" + }, + { + "name": "16344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16344" + }, + { + "name": "emcnavispheremanager-directory-traversal(21726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21726" + }, + { + "name": "1014629", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014629" + }, + { + "name": "20050805 EMC Navisphere Manager Directory Traversal Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=288&type=vulnerabilities&flashstatus=true" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3041.json b/2005/3xxx/CVE-2005-3041.json index 3b206678006..adc87432215 100644 --- a/2005/3xxx/CVE-2005-3041.json +++ b/2005/3xxx/CVE-2005-3041.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified \"drag-and-drop vulnerability\" in Opera Web Browser before 8.50 on Windows allows \"unintentional file uploads.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/windows/850/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/850/" - }, - { - "name" : "14884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14884" - }, - { - "name" : "ADV-2005-1789", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified \"drag-and-drop vulnerability\" in Opera Web Browser before 8.50 on Windows allows \"unintentional file uploads.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-1789", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1789" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/850/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/850/" + }, + { + "name": "14884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14884" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3350.json b/2005/3xxx/CVE-2005-3350.json index 784a0b5e335..7d8c2deeee7 100644 --- a/2005/3xxx/CVE-2005-3350.json +++ b/2005/3xxx/CVE-2005-3350.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scary.beasts.org/security/CESA-2005-007.txt", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2005-007.txt" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=364493", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=364493" - }, - { - "name" : "DSA-890", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-890" - }, - { - "name" : "FLSA:174479", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/428059/100/0/threaded" - }, - { - "name" : "FLSA-2006:174479", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/428059/30/6300/threaded" - }, - { - "name" : "FEDORA-2009-5118", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00771.html" - }, - { - "name" : "GLSA-200511-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-03.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=109997", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=109997" - }, - { - "name" : "MDKSA-2005:207", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:207" - }, - { - "name" : "RHSA-2005:828", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-828.html" - }, - { - "name" : "RHSA-2009:0444", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0444.html" - }, - { - "name" : "USN-214-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntulinux.org/usn/usn-214-1" - }, - { - "name" : "15299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15299" - }, - { - "name" : "oval:org.mitre.oval:def:9314", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9314" - }, - { - "name" : "34872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34872" - }, - { - "name" : "35164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35164" - }, - { - "name" : "ADV-2005-2295", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2295" - }, - { - "name" : "20471", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20471" - }, - { - "name" : "1015149", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015149" - }, - { - "name" : "17442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17442" - }, - { - "name" : "17462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17462" - }, - { - "name" : "17488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17488" - }, - { - "name" : "17508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17508" - }, - { - "name" : "17559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17559" - }, - { - "name" : "17436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17436" - }, - { - "name" : "17438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17438" - }, - { - "name" : "17482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17482" - }, - { - "name" : "17497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17508" + }, + { + "name": "20471", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20471" + }, + { + "name": "17438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17438" + }, + { + "name": "FLSA-2006:174479", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/428059/30/6300/threaded" + }, + { + "name": "17482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17482" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=109997", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=109997" + }, + { + "name": "17442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17442" + }, + { + "name": "15299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15299" + }, + { + "name": "34872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34872" + }, + { + "name": "RHSA-2005:828", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-828.html" + }, + { + "name": "17559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17559" + }, + { + "name": "USN-214-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntulinux.org/usn/usn-214-1" + }, + { + "name": "17488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17488" + }, + { + "name": "RHSA-2009:0444", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0444.html" + }, + { + "name": "FEDORA-2009-5118", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00771.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413" + }, + { + "name": "oval:org.mitre.oval:def:9314", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9314" + }, + { + "name": "GLSA-200511-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-03.xml" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=364493", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=364493" + }, + { + "name": "ADV-2005-2295", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2295" + }, + { + "name": "17436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17436" + }, + { + "name": "DSA-890", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-890" + }, + { + "name": "FLSA:174479", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/428059/100/0/threaded" + }, + { + "name": "http://scary.beasts.org/security/CESA-2005-007.txt", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2005-007.txt" + }, + { + "name": "1015149", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015149" + }, + { + "name": "17462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17462" + }, + { + "name": "MDKSA-2005:207", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:207" + }, + { + "name": "17497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17497" + }, + { + "name": "35164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35164" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3482.json b/2005/3xxx/CVE-2005-3482.json index 487d63cece7..456fdb395ff 100644 --- a/2005/3xxx/CVE-2005-3482.json +++ b/2005/3xxx/CVE-2005-3482.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051102 Cisco Airespace Wireless LAN Controllers Allow Unencrypted Network Access", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20051102-lwapp.shtml" - }, - { - "name" : "15272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15272" - }, - { - "name" : "ADV-2005-2278", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2278" - }, - { - "name" : "20454", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20454" - }, - { - "name" : "1015140", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015140" - }, - { - "name" : "17406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17406" - }, - { - "name" : "139", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "139", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/139" + }, + { + "name": "20454", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20454" + }, + { + "name": "15272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15272" + }, + { + "name": "17406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17406" + }, + { + "name": "1015140", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015140" + }, + { + "name": "20051102 Cisco Airespace Wireless LAN Controllers Allow Unencrypted Network Access", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051102-lwapp.shtml" + }, + { + "name": "ADV-2005-2278", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2278" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3568.json b/2005/3xxx/CVE-2005-3568.json index 925b0daf8f1..a7544ba66d3 100644 --- a/2005/3xxx/CVE-2005-3568.json +++ b/2005/3xxx/CVE-2005-3568.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka \"CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IO00737", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IO00737" - }, - { - "name" : "15376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15376" - }, - { - "name" : "20707", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20707" - }, - { - "name" : "17388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17388" - }, - { - "name" : "db2-db2fmp-dos(23088)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka \"CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg1IO00737", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IO00737" + }, + { + "name": "db2-db2fmp-dos(23088)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23088" + }, + { + "name": "17388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17388" + }, + { + "name": "20707", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20707" + }, + { + "name": "15376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15376" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3615.json b/2005/3xxx/CVE-2005-3615.json index a47471a7591..8e32ebc3035 100644 --- a/2005/3xxx/CVE-2005-3615.json +++ b/2005/3xxx/CVE-2005-3615.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3615", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3615", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4200.json b/2005/4xxx/CVE-2005-4200.json index 767d89d9864..5d5bdce230a 100644 --- a/2005/4xxx/CVE-2005-4200.json +++ b/2005/4xxx/CVE-2005-4200.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", - "refsource" : "CONFIRM", - "url" : "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964" - }, - { - "name" : "15793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15793" - }, - { - "name" : "ADV-2005-2842", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2842" - }, - { - "name" : "18000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15793" + }, + { + "name": "18000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18000" + }, + { + "name": "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964" + }, + { + "name": "ADV-2005-2842", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2842" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4621.json b/2005/4xxx/CVE-2005-4621.json index 0b710981458..bf75b77b907 100644 --- a/2005/4xxx/CVE-2005-4621.json +++ b/2005/4xxx/CVE-2005-4621.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html" - }, - { - "name" : "http://www.vbulletin.com/forum/showthread.php?t=166391", - "refsource" : "MISC", - "url" : "http://www.vbulletin.com/forum/showthread.php?t=166391" - }, - { - "name" : "16128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16128" - }, - { - "name" : "21373", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16128" + }, + { + "name": "21373", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21373" + }, + { + "name": "http://www.vbulletin.com/forum/showthread.php?t=166391", + "refsource": "MISC", + "url": "http://www.vbulletin.com/forum/showthread.php?t=166391" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4858.json b/2005/4xxx/CVE-2005-4858.json index 1294c895e35..c1d7a687577 100644 --- a/2005/4xxx/CVE-2005-4858.json +++ b/2005/4xxx/CVE-2005-4858.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-013-mimic2.txt", - "refsource" : "MISC", - "url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-013-mimic2.txt" - }, - { - "name" : "14778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14778" + }, + { + "name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-013-mimic2.txt", + "refsource": "MISC", + "url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-013-mimic2.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0067.json b/2009/0xxx/CVE-2009-0067.json index 00137d3561a..0e9f51ed47f 100644 --- a/2009/0xxx/CVE-2009-0067.json +++ b/2009/0xxx/CVE-2009-0067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2111.json b/2009/2xxx/CVE-2009-2111.json index 7ead1299a22..acc0e41cd87 100644 --- a/2009/2xxx/CVE-2009-2111.json +++ b/2009/2xxx/CVE-2009-2111.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8951", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8951" - }, - { - "name" : "55119", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55119" - }, - { - "name" : "35419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35419" - }, - { - "name" : "dbtopsites-addreg-code-execution(51121)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8951", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8951" + }, + { + "name": "35419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35419" + }, + { + "name": "55119", + "refsource": "OSVDB", + "url": "http://osvdb.org/55119" + }, + { + "name": "dbtopsites-addreg-code-execution(51121)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51121" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2183.json b/2009/2xxx/CVE-2009-2183.json index 3877abbce14..30a1f49242f 100644 --- a/2009/2xxx/CVE-2009-2183.json +++ b/2009/2xxx/CVE-2009-2183.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8995", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8995" - }, - { - "name" : "55312", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8995", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8995" + }, + { + "name": "55312", + "refsource": "OSVDB", + "url": "http://osvdb.org/55312" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2719.json b/2009/2xxx/CVE-2009-2719.json index 16d327c1103..21e0e0cba34 100644 --- a/2009/2xxx/CVE-2009-2719.json +++ b/2009/2xxx/CVE-2009-2719.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://java.sun.com/javase/6/webnotes/6u15.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u15.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u15.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u15.html" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3110.json b/2009/3xxx/CVE-2009-3110.json index e048d9b47fa..fcc3416ef47 100644 --- a/2009/3xxx/CVE-2009-3110.json +++ b/2009/3xxx/CVE-2009-3110.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00" - }, - { - "name" : "36113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36113" - }, - { - "name" : "1022779", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022779" - }, - { - "name" : "36502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36502" + }, + { + "name": "36113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36113" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00" + }, + { + "name": "1022779", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022779" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3122.json b/2009/3xxx/CVE-2009-3122.json index 1954a6d9b4e..dd6e78aa332 100644 --- a/2009/3xxx/CVE-2009-3122.json +++ b/2009/3xxx/CVE-2009-3122.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/560298", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/560298" - }, - { - "name" : "36165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36165" - }, - { - "name" : "57435", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/57435" - }, - { - "name" : "36497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36497" - }, - { - "name" : "ADV-2009-2452", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2452" - }, - { - "name" : "ajaxtable-unspecified-security-bypass(52818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36165" + }, + { + "name": "57435", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/57435" + }, + { + "name": "ajaxtable-unspecified-security-bypass(52818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52818" + }, + { + "name": "36497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36497" + }, + { + "name": "http://drupal.org/node/560298", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/560298" + }, + { + "name": "ADV-2009-2452", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2452" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3253.json b/2009/3xxx/CVE-2009-3253.json index b1356ef1cd2..33e1c06d41d 100644 --- a/2009/3xxx/CVE-2009-3253.json +++ b/2009/3xxx/CVE-2009-3253.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9546", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9546" - }, - { - "name" : "36508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36508" + }, + { + "name": "9546", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9546" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3954.json b/2009/3xxx/CVE-2009-3954.json index 7cd8e38f43a..6c9cdaf24b9 100644 --- a/2009/3xxx/CVE-2009-3954.json +++ b/2009/3xxx/CVE-2009-3954.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=554293", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=554293" - }, - { - "name" : "RHSA-2010:0060", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0060.html" - }, - { - "name" : "SUSE-SA:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" - }, - { - "name" : "TA10-013A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" - }, - { - "name" : "37761", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37761" - }, - { - "name" : "oval:org.mitre.oval:def:8528", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528" - }, - { - "name" : "1023446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023446" - }, - { - "name" : "38138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38138" - }, - { - "name" : "38215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38215" - }, - { - "name" : "ADV-2010-0103", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0103" - }, - { - "name" : "acrobat-reader-3d-code-execution(55552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38138" + }, + { + "name": "acrobat-reader-3d-code-execution(55552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" + }, + { + "name": "RHSA-2010:0060", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html" + }, + { + "name": "oval:org.mitre.oval:def:8528", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528" + }, + { + "name": "ADV-2010-0103", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0103" + }, + { + "name": "1023446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023446" + }, + { + "name": "37761", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37761" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=554293", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" + }, + { + "name": "38215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38215" + }, + { + "name": "SUSE-SA:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" + }, + { + "name": "TA10-013A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4106.json b/2009/4xxx/CVE-2009-4106.json index f7ec0095577..0eeac105cad 100644 --- a/2009/4xxx/CVE-2009-4106.json +++ b/2009/4xxx/CVE-2009-4106.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9605", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9605" - }, - { - "name" : "ADV-2009-2613", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2613" - }, - { - "name" : "agokocms-editpage2-file-upload(53113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2613", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2613" + }, + { + "name": "agokocms-editpage2-file-upload(53113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53113" + }, + { + "name": "9605", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9605" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4127.json b/2009/4xxx/CVE-2009-4127.json index 3e629b6fbfa..527ec81e8ed 100644 --- a/2009/4xxx/CVE-2009-4127.json +++ b/2009/4xxx/CVE-2009-4127.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://addons.mozilla.org/en-US/firefox/addons/versions/6401#version-0.5.9.2", - "refsource" : "CONFIRM", - "url" : "https://addons.mozilla.org/en-US/firefox/addons/versions/6401#version-0.5.9.2" - }, - { - "name" : "37038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37038" - }, - { - "name" : "37377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37377" - }, - { - "name" : "ADV-2009-3268", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3268", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3268" + }, + { + "name": "37377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37377" + }, + { + "name": "https://addons.mozilla.org/en-US/firefox/addons/versions/6401#version-0.5.9.2", + "refsource": "CONFIRM", + "url": "https://addons.mozilla.org/en-US/firefox/addons/versions/6401#version-0.5.9.2" + }, + { + "name": "37038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37038" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4233.json b/2009/4xxx/CVE-2009-4233.json index 9b7babf9684..d351ad66296 100644 --- a/2009/4xxx/CVE-2009-4233.json +++ b/2009/4xxx/CVE-2009-4233.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://extensions.joomla.org/extensions/external-contents/domain-search/5774", - "refsource" : "CONFIRM", - "url" : "http://extensions.joomla.org/extensions/external-contents/domain-search/5774" - }, - { - "name" : "http://www.youjoomla.com/joomla_support/yj-whois-module/4950-xss-security-patch-yj-whois.html", - "refsource" : "CONFIRM", - "url" : "http://www.youjoomla.com/joomla_support/yj-whois-module/4950-xss-security-patch-yj-whois.html" - }, - { - "name" : "37525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37525" + }, + { + "name": "http://www.youjoomla.com/joomla_support/yj-whois-module/4950-xss-security-patch-yj-whois.html", + "refsource": "CONFIRM", + "url": "http://www.youjoomla.com/joomla_support/yj-whois-module/4950-xss-security-patch-yj-whois.html" + }, + { + "name": "http://extensions.joomla.org/extensions/external-contents/domain-search/5774", + "refsource": "CONFIRM", + "url": "http://extensions.joomla.org/extensions/external-contents/domain-search/5774" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4620.json b/2009/4xxx/CVE-2009-4620.json index 4c781616dfa..cd1004acdff 100644 --- a/2009/4xxx/CVE-2009-4620.json +++ b/2009/4xxx/CVE-2009-4620.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9604", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9604" - }, - { - "name" : "36322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36322" - }, - { - "name" : "57885", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57885" - }, - { - "name" : "36654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36654" - }, - { - "name" : "ADV-2009-2612", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2612" - }, - { - "name" : "joomloc-index-sql-injection(53110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36322" + }, + { + "name": "36654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36654" + }, + { + "name": "57885", + "refsource": "OSVDB", + "url": "http://osvdb.org/57885" + }, + { + "name": "ADV-2009-2612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2612" + }, + { + "name": "joomloc-index-sql-injection(53110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53110" + }, + { + "name": "9604", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9604" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0146.json b/2015/0xxx/CVE-2015-0146.json index 8f534ce0b87..2095d0603d3 100644 --- a/2015/0xxx/CVE-2015-0146.json +++ b/2015/0xxx/CVE-2015-0146.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696594", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696594", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696594" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0369.json b/2015/0xxx/CVE-2015-0369.json index ceb9c07edaa..82ad804fe26 100644 --- a/2015/0xxx/CVE-2015-0369.json +++ b/2015/0xxx/CVE-2015-0369.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to AX/HI Web UI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72192" - }, - { - "name" : "1031578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031578" - }, - { - "name" : "oracle-cpujan2015-cve20150369(100123)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to AX/HI Web UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-cpujan2015-cve20150369(100123)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100123" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "72192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72192" + }, + { + "name": "1031578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031578" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0497.json b/2015/0xxx/CVE-2015-0497.json index 3ba3599e4c6..381baeccc20 100644 --- a/2015/0xxx/CVE-2015-0497.json +++ b/2015/0xxx/CVE-2015-0497.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise Portal Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows remote attackers to affect integrity via unknown vectors related to Enterprise Portal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "1032125", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise Portal Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows remote attackers to affect integrity via unknown vectors related to Enterprise Portal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032125", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032125" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1249.json b/2015/1xxx/CVE-2015-1249.json index 8ed3352876d..e889aed08cf 100644 --- a/2015/1xxx/CVE-2015-1249.json +++ b/2015/1xxx/CVE-2015-1249.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=389595", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=389595" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=400339", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=400339" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=403665", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=403665" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=424957", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=424957" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=430533", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=430533" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=436564", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=436564" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=439992", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=439992" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=442670", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=442670" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=444198", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=444198" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=445305", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=445305" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=447889", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=447889" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=448299", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=448299" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=451058", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=451058" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=451059", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=451059" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=452794", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=452794" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=456636", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=456636" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=458776", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=458776" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=458870", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=458870" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=460939", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=460939" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=462319", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=462319" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=464594", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=464594" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=465586", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=465586" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=469082", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=469082" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=469756", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=469756" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=474254", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=474254" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=476786", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=476786" - }, - { - "name" : "DSA-3238", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3238" - }, - { - "name" : "RHSA-2015:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0816.html" - }, - { - "name" : "openSUSE-SU-2015:1887", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" - }, - { - "name" : "USN-2570-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2570-1" - }, - { - "name" : "1032209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=465586", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=465586" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=444198", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=444198" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=424957", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=424957" + }, + { + "name": "RHSA-2015:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=442670", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=442670" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=476786", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=476786" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=436564", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=436564" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=462319", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=462319" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=464594", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=464594" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=451059", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=451059" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=448299", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=448299" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=458776", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=458776" + }, + { + "name": "USN-2570-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2570-1" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=403665", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=403665" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=400339", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=400339" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=469756", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=469756" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=452794", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=452794" + }, + { + "name": "DSA-3238", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3238" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=469082", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=469082" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=445305", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=445305" + }, + { + "name": "openSUSE-SU-2015:1887", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=389595", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=389595" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=451058", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=451058" + }, + { + "name": "1032209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032209" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=439992", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=439992" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=474254", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=474254" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=430533", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=430533" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=460939", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=460939" + }, + { + "name": "openSUSE-SU-2015:0748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=447889", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=447889" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=458870", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=458870" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=456636", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=456636" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1503.json b/2015/1xxx/CVE-2015-1503.json index 860ecd760d9..a3d4561205f 100644 --- a/2015/1xxx/CVE-2015-1503.json +++ b/2015/1xxx/CVE-2015-1503.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44587", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44587/" - }, - { - "name" : "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html" - }, - { - "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614" + }, + { + "name": "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html" + }, + { + "name": "44587", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44587/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1594.json b/2015/1xxx/CVE-2015-1594.json index 70266c28c49..bb1f7e7128f 100644 --- a/2015/1xxx/CVE-2015-1594.json +++ b/2015/1xxx/CVE-2015-1594.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf" - }, - { - "name" : "1032039", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf" + }, + { + "name": "1032039", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032039" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4013.json b/2015/4xxx/CVE-2015-4013.json index ebba5f8385c..27d760bf10f 100644 --- a/2015/4xxx/CVE-2015-4013.json +++ b/2015/4xxx/CVE-2015-4013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4638.json b/2015/4xxx/CVE-2015-4638.json index e195a13c468..9dadfc88210 100644 --- a/2015/4xxx/CVE-2015-4638.json +++ b/2015/4xxx/CVE-2015-4638.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17155.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17155.html" - }, - { - "name" : "1033578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17155.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17155.html" + }, + { + "name": "1033578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033578" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5386.json b/2015/5xxx/CVE-2015-5386.json index 0e7c678e9f1..4a64965e607 100644 --- a/2015/5xxx/CVE-2015-5386.json +++ b/2015/5xxx/CVE-2015-5386.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-195-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-195-01" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-195-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-195-01" + }, + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5636.json b/2015/5xxx/CVE-2015-5636.json index 52a54e68091..bf28df0e256 100644 --- a/2015/5xxx/CVE-2015-5636.json +++ b/2015/5xxx/CVE-2015-5636.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN67586379/995707/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN67586379/995707/index.html" - }, - { - "name" : "JVN#67586379", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN67586379/index.html" - }, - { - "name" : "JVNDB-2015-000134", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000134", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000134" + }, + { + "name": "JVN#67586379", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN67586379/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN67586379/995707/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN67586379/995707/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5643.json b/2015/5xxx/CVE-2015-5643.json index b77fbd2df78..46449ed7397 100644 --- a/2015/5xxx/CVE-2015-5643.json +++ b/2015/5xxx/CVE-2015-5643.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://oss.icz.co.jp/news/?p=1073", - "refsource" : "CONFIRM", - "url" : "http://oss.icz.co.jp/news/?p=1073" - }, - { - "name" : "JVN#66984217", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN66984217/index.html" - }, - { - "name" : "JVNDB-2015-000144", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#66984217", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN66984217/index.html" + }, + { + "name": "JVNDB-2015-000144", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000144" + }, + { + "name": "http://oss.icz.co.jp/news/?p=1073", + "refsource": "CONFIRM", + "url": "http://oss.icz.co.jp/news/?p=1073" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5864.json b/2015/5xxx/CVE-2015-5864.json index e0299e5dd72..14149ac5443 100644 --- a/2015/5xxx/CVE-2015-5864.json +++ b/2015/5xxx/CVE-2015-5864.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5866.json b/2015/5xxx/CVE-2015-5866.json index f58eb65aabc..a646cf1cf34 100644 --- a/2015/5xxx/CVE-2015-5866.json +++ b/2015/5xxx/CVE-2015-5866.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76908" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "76908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76908" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3037.json b/2018/3xxx/CVE-2018-3037.json index 396e344be6c..b417be41d4e 100644 --- a/2018/3xxx/CVE-2018-3037.json +++ b/2018/3xxx/CVE-2018-3037.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Enterprise Limits and Collateral Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "14.0.0" - }, - { - "version_affected" : "=", - "version_value" : "14.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Enterprise Limits and Collateral Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "14.0.0" + }, + { + "version_affected": "=", + "version_value": "14.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104801" - }, - { - "name" : "1041307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104801" + }, + { + "name": "1041307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041307" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3038.json b/2018/3xxx/CVE-2018-3038.json index dbf0fe7983c..2801d3d9c0a 100644 --- a/2018/3xxx/CVE-2018-3038.json +++ b/2018/3xxx/CVE-2018-3038.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Banking Corporate Lending", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.4.0" - }, - { - "version_affected" : "=", - "version_value" : "12.5.0" - }, - { - "version_affected" : "=", - "version_value" : "14.0.0" - }, - { - "version_affected" : "=", - "version_value" : "14.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "12.4.0" + }, + { + "version_affected": "=", + "version_value": "12.5.0" + }, + { + "version_affected": "=", + "version_value": "14.0.0" + }, + { + "version_affected": "=", + "version_value": "14.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104795" - }, - { - "name" : "1041307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041307" + }, + { + "name": "104795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104795" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3230.json b/2018/3xxx/CVE-2018-3230.json index f950b8480fa..cfcd1995b16 100644 --- a/2018/3xxx/CVE-2018-3230.json +++ b/2018/3xxx/CVE-2018-3230.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105603" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3479.json b/2018/3xxx/CVE-2018-3479.json index 64a51f81f2b..b7e686a0846 100644 --- a/2018/3xxx/CVE-2018-3479.json +++ b/2018/3xxx/CVE-2018-3479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3606.json b/2018/3xxx/CVE-2018-3606.json index 26b22328b56..c928b6bcd72 100644 --- a/2018/3xxx/CVE-2018-3606.json +++ b/2018/3xxx/CVE-2018-3606.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-3606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Control Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-3606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Control Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-083/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-083/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-085/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-085/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-086/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-086/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-089/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-089/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-091/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-091/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-092/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-092/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-093/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-093/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-099/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-099/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-100/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-100/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-101/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-101/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-103/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-103/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-104/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-104/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-105/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-105/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-106/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-106/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-107/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-107/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-108/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-108/" - }, - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-110/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-110/" - }, - { - "name" : "https://success.trendmicro.com/solution/1119158", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-092/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-085/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-110/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-086/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-091/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-100/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-093/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-103/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-083/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-108/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-106/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-099/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-107/" + }, + { + "name": "https://success.trendmicro.com/solution/1119158", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119158" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-105/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-089/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-101/" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-104/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3710.json b/2018/3xxx/CVE-2018-3710.json index ed510f79990..7d51e0e300d 100644 --- a/2018/3xxx/CVE-2018-3710.json +++ b/2018/3xxx/CVE-2018-3710.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GitLab Community and Enterprise Editions", - "version" : { - "version_data" : [ - { - "version_value" : "8.9 - 10.1.5 Fixed in 10.1.6" - }, - { - "version_value" : "10.2.0 - 10.2.5 Fixed in 10.2.6" - }, - { - "version_value" : "10.3.0 - 10.3.3 Fixed in 10.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "GitLab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Temporary File (CWE-377)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitLab Community and Enterprise Editions", + "version": { + "version_data": [ + { + "version_value": "8.9 - 10.1.5 Fixed in 10.1.6" + }, + { + "version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6" + }, + { + "version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4" + } + ] + } + } + ] + }, + "vendor_name": "GitLab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.com/gitlab-com/infrastructure/issues/3510", - "refsource" : "MISC", - "url" : "https://gitlab.com/gitlab-com/infrastructure/issues/3510" - }, - { - "name" : "https://hackerone.com/reports/302959", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/302959" - }, - { - "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/41757", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/41757" - }, - { - "name" : "DSA-4145", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Temporary File (CWE-377)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-com/infrastructure/issues/3510", + "refsource": "MISC", + "url": "https://gitlab.com/gitlab-com/infrastructure/issues/3510" + }, + { + "name": "DSA-4145", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4145" + }, + { + "name": "https://hackerone.com/reports/302959", + "refsource": "MISC", + "url": "https://hackerone.com/reports/302959" + }, + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/41757", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/41757" + }, + { + "name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6659.json b/2018/6xxx/CVE-2018-6659.json index 953c0ac6c5e..34034021a8b 100644 --- a/2018/6xxx/CVE-2018-6659.json +++ b/2018/6xxx/CVE-2018-6659.json @@ -1,111 +1,111 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "DATE_PUBLIC" : "2018-03-09T18:00:00.000Z", - "ID" : "CVE-2018-6659", - "STATE" : "PUBLIC", - "TITLE" : "SB10228 ePO Reflected Cross-Site Scripting vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ePolicy Orchestrator (ePO)", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "5.3.2", - "version_value" : "5.3.2" - }, - { - "affected" : "=", - "version_name" : "5.3.1", - "version_value" : "5.3.1" - }, - { - "affected" : "=", - "version_name" : "5.3.0", - "version_value" : "5.3.0" - }, - { - "affected" : "=", - "version_name" : "5.9.0", - "version_value" : "5.9.0" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 3.7, - "baseSeverity" : "LOW", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected Cross-Site Scripting vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2018-03-09T18:00:00.000Z", + "ID": "CVE-2018-6659", + "STATE": "PUBLIC", + "TITLE": "SB10228 ePO Reflected Cross-Site Scripting vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ePolicy Orchestrator (ePO)", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "5.3.2", + "version_value": "5.3.2" + }, + { + "affected": "=", + "version_name": "5.3.1", + "version_value": "5.3.1" + }, + { + "affected": "=", + "version_name": "5.3.0", + "version_value": "5.3.0" + }, + { + "affected": "=", + "version_name": "5.9.0", + "version_value": "5.9.0" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10228", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10228" - }, - { - "name" : "103392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103392" - }, - { - "name" : "1040884", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040884" - } - ] - }, - "source" : { - "advisory" : "SB10228", - "discovery" : "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103392" + }, + { + "name": "1040884", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040884" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10228", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10228" + } + ] + }, + "source": { + "advisory": "SB10228", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6668.json b/2018/6xxx/CVE-2018-6668.json index b49c561eaa8..a3a3105800a 100644 --- a/2018/6xxx/CVE-2018-6668.json +++ b/2018/6xxx/CVE-2018-6668.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2018-6668", - "STATE" : "PUBLIC", - "TITLE" : "Bypass Application Control with simple DLL" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application and Change Control", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "platform" : "x86", - "version_name" : "7.0.1", - "version_value" : "7.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 6.1, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "whitelist bypass vulnerability " - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2018-6668", + "STATE": "PUBLIC", + "TITLE": "Bypass Application Control with simple DLL" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application and Change Control", + "version": { + "version_data": [ + { + "affected": "<=", + "platform": "x86", + "version_name": "7.0.1", + "version_value": "7.0.1" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10261", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10261" - }, - { - "name" : "106282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106282" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Install or update to McAfee Application and Change Control (MACC) Application 8.0.0 and MACC ePO extension 8.0.0 or later." - } - ], - "source" : { - "advisory" : "SB10261", - "discovery" : "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "whitelist bypass vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106282" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10261", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10261" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Install or update to McAfee Application and Change Control (MACC) Application 8.0.0 and MACC ePO extension 8.0.0 or later." + } + ], + "source": { + "advisory": "SB10261", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6777.json b/2018/6xxx/CVE-2018-6777.json index 3560f34f661..46039af3ad0 100644 --- a/2018/6xxx/CVE-2018-6777.json +++ b/2018/6xxx/CVE-2018-6777.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220400." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KVFG_220400", - "refsource" : "MISC", - "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KVFG_220400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220400." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KVFG_220400", + "refsource": "MISC", + "url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Jiangmin_Antivirus_POC/tree/master/KVFG_220400" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7099.json b/2018/7xxx/CVE-2018-7099.json index 4113a459b1a..aa2a57eb797 100644 --- a/2018/7xxx/CVE-2018-7099.json +++ b/2018/7xxx/CVE-2018-7099.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE 3PAR Service Processors", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to SP-4.4.0.GA-110(MU7)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "local disclosure of privileged information" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE 3PAR Service Processors", + "version": { + "version_data": [ + { + "version_value": "Prior to SP-4.4.0.GA-110(MU7)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local disclosure of privileged information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7318.json b/2018/7xxx/CVE-2018-7318.json index bd76f90dbed..8e835d701e0 100644 --- a/2018/7xxx/CVE-2018-7318.json +++ b/2018/7xxx/CVE-2018-7318.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44163", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/44163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44163", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/44163" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7574.json b/2018/7xxx/CVE-2018-7574.json index c34c4120344..e348aa40d43 100644 --- a/2018/7xxx/CVE-2018-7574.json +++ b/2018/7xxx/CVE-2018-7574.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7574", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7574", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7608.json b/2018/7xxx/CVE-2018-7608.json index 285a748a5dc..3001ffadff5 100644 --- a/2018/7xxx/CVE-2018-7608.json +++ b/2018/7xxx/CVE-2018-7608.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7608", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7608", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7886.json b/2018/7xxx/CVE-2018-7886.json index 08d020ff8b3..726ec4654dc 100644 --- a/2018/7xxx/CVE-2018-7886.json +++ b/2018/7xxx/CVE-2018-7886.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the \"CloudMe Sync\" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44470", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44470/" - }, - { - "name" : "https://0day4u.wordpress.com/2018/03/09/buffer-overflow-on-cloudme-sync-v1-11-0/", - "refsource" : "MISC", - "url" : "https://0day4u.wordpress.com/2018/03/09/buffer-overflow-on-cloudme-sync-v1-11-0/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the \"CloudMe Sync\" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44470", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44470/" + }, + { + "name": "https://0day4u.wordpress.com/2018/03/09/buffer-overflow-on-cloudme-sync-v1-11-0/", + "refsource": "MISC", + "url": "https://0day4u.wordpress.com/2018/03/09/buffer-overflow-on-cloudme-sync-v1-11-0/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8316.json b/2018/8xxx/CVE-2018-8316.json index 29bcbd6a6fa..901dcb97769 100644 --- a/2018/8xxx/CVE-2018-8316.json +++ b/2018/8xxx/CVE-2018-8316.json @@ -1,133 +1,133 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka \"Internet Explorer Remote Code Execution Vulnerability.\" This affects Internet Explorer 11, Internet Explorer 10." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8316", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8316" - }, - { - "name" : "105013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105013" - }, - { - "name" : "1041483", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka \"Internet Explorer Remote Code Execution Vulnerability.\" This affects Internet Explorer 11, Internet Explorer 10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105013" + }, + { + "name": "1041483", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041483" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8316", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8316" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8626.json b/2018/8xxx/CVE-2018-8626.json index bfde66e9d34..3ca8d37b261 100644 --- a/2018/8xxx/CVE-2018-8626.json +++ b/2018/8xxx/CVE-2018-8626.json @@ -1,140 +1,140 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka \"Windows DNS Server Heap Overflow Vulnerability.\" This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626" - }, - { - "name" : "106076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka \"Windows DNS Server Heap Overflow Vulnerability.\" This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626" + }, + { + "name": "106076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106076" + } + ] + } +} \ No newline at end of file