From f36f78e83e55c6d4bc4b87dbd750e39d59241141 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:16:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0230.json | 120 +++---- 1999/0xxx/CVE-1999-0386.json | 130 +++---- 1999/0xxx/CVE-1999-0619.json | 34 +- 1999/1xxx/CVE-1999-1084.json | 160 ++++----- 1999/1xxx/CVE-1999-1166.json | 130 +++---- 1999/1xxx/CVE-1999-1510.json | 130 +++---- 2000/0xxx/CVE-2000-0124.json | 120 +++---- 2000/0xxx/CVE-2000-0340.json | 140 ++++---- 2000/0xxx/CVE-2000-0573.json | 250 +++++++------- 2000/0xxx/CVE-2000-0778.json | 160 ++++----- 2000/0xxx/CVE-2000-0844.json | 230 ++++++------- 2000/0xxx/CVE-2000-0929.json | 150 ++++---- 2000/0xxx/CVE-2000-0984.json | 140 ++++---- 2000/1xxx/CVE-2000-1099.json | 150 ++++---- 2005/2xxx/CVE-2005-2244.json | 140 ++++---- 2005/2xxx/CVE-2005-2373.json | 150 ++++---- 2005/2xxx/CVE-2005-2569.json | 130 +++---- 2005/3xxx/CVE-2005-3062.json | 150 ++++---- 2005/3xxx/CVE-2005-3236.json | 200 +++++------ 2005/3xxx/CVE-2005-3444.json | 160 ++++----- 2005/3xxx/CVE-2005-3730.json | 160 ++++----- 2005/3xxx/CVE-2005-3953.json | 170 +++++----- 2005/4xxx/CVE-2005-4501.json | 180 +++++----- 2009/2xxx/CVE-2009-2237.json | 150 ++++---- 2009/2xxx/CVE-2009-2331.json | 140 ++++---- 2009/2xxx/CVE-2009-2361.json | 210 ++++++------ 2009/2xxx/CVE-2009-2691.json | 280 +++++++-------- 2009/2xxx/CVE-2009-2905.json | 270 +++++++-------- 2009/3xxx/CVE-2009-3457.json | 200 +++++------ 2009/3xxx/CVE-2009-3608.json | 640 +++++++++++++++++------------------ 2009/3xxx/CVE-2009-3731.json | 250 +++++++------- 2009/3xxx/CVE-2009-3939.json | 340 +++++++++---------- 2015/0xxx/CVE-2015-0163.json | 34 +- 2015/0xxx/CVE-2015-0349.json | 200 +++++------ 2015/0xxx/CVE-2015-0422.json | 160 ++++----- 2015/0xxx/CVE-2015-0594.json | 150 ++++---- 2015/1xxx/CVE-2015-1511.json | 34 +- 2015/1xxx/CVE-2015-1633.json | 130 +++---- 2015/4xxx/CVE-2015-4370.json | 150 ++++---- 2015/4xxx/CVE-2015-4371.json | 150 ++++---- 2015/4xxx/CVE-2015-4434.json | 34 +- 2015/4xxx/CVE-2015-4692.json | 270 +++++++-------- 2015/4xxx/CVE-2015-4860.json | 460 ++++++++++++------------- 2015/8xxx/CVE-2015-8657.json | 140 ++++---- 2015/9xxx/CVE-2015-9080.json | 34 +- 2015/9xxx/CVE-2015-9159.json | 132 ++++---- 2018/2xxx/CVE-2018-2404.json | 174 +++++----- 2018/2xxx/CVE-2018-2443.json | 34 +- 2018/2xxx/CVE-2018-2718.json | 150 ++++---- 2018/3xxx/CVE-2018-3259.json | 166 ++++----- 2018/6xxx/CVE-2018-6071.json | 162 ++++----- 2018/6xxx/CVE-2018-6567.json | 34 +- 2018/6xxx/CVE-2018-6825.json | 120 +++---- 2018/7xxx/CVE-2018-7043.json | 34 +- 2018/7xxx/CVE-2018-7108.json | 130 +++---- 2018/7xxx/CVE-2018-7156.json | 34 +- 2018/7xxx/CVE-2018-7328.json | 150 ++++---- 2018/7xxx/CVE-2018-7533.json | 130 +++---- 2019/5xxx/CVE-2019-5375.json | 34 +- 2019/5xxx/CVE-2019-5971.json | 34 +- 60 files changed, 4714 insertions(+), 4714 deletions(-) diff --git a/1999/0xxx/CVE-1999-0230.json b/1999/0xxx/CVE-1999-0230.json index a0ecc00250c..2b8897b60e2 100644 --- a/1999/0xxx/CVE-1999-0230.json +++ b/1999/0xxx/CVE-1999-0230.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Cisco 7xx routers through the telnet service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1102", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Cisco 7xx routers through the telnet service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1102", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1102" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0386.json b/1999/0xxx/CVE-1999-0386.json index 36c7a371bd6..ee749b6dc4c 100644 --- a/1999/0xxx/CVE-1999-0386.json +++ b/1999/0xxx/CVE-1999-0386.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS99-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-010" - }, - { - "name" : "111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/111" + }, + { + "name": "MS99-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-010" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0619.json b/1999/0xxx/CVE-1999-0619.json index 70e588d7fd1..484e0babc4e 100644 --- a/1999/0xxx/CVE-1999-0619.json +++ b/1999/0xxx/CVE-1999-0619.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0619", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The Telnet service is running.\"" - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-1999-0619", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The Telnet service is running.\"" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1084.json b/1999/1xxx/CVE-1999-1084.json index f90436bdce2..ce5bb17405d 100644 --- a/1999/1xxx/CVE-1999-1084.json +++ b/1999/1xxx/CVE-1999-1084.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"AEDebug\" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980622 Yet another \"get yourself admin rights exploit\":", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=90222453431604&w=2" - }, - { - "name" : "Q103861", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/support/kb/articles/q103/8/61.asp" - }, - { - "name" : "MS00-008", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-008" - }, - { - "name" : "K-029", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/k-029.shtml" - }, - { - "name" : "1044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"AEDebug\" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980622 Yet another \"get yourself admin rights exploit\":", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=90222453431604&w=2" + }, + { + "name": "1044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1044" + }, + { + "name": "K-029", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/k-029.shtml" + }, + { + "name": "MS00-008", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-008" + }, + { + "name": "Q103861", + "refsource": "MSKB", + "url": "http://support.microsoft.com/support/kb/articles/q103/8/61.asp" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1166.json b/1999/1xxx/CVE-1999-1166.json index 30f25843843..c9368f040a3 100644 --- a/1999/1xxx/CVE-1999-1166.json +++ b/1999/1xxx/CVE-1999-1166.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990711 Linux 2.0.37 segment limit bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/18156" - }, - { - "name" : "523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/523" + }, + { + "name": "19990711 Linux 2.0.37 segment limit bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/18156" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1510.json b/1999/1xxx/CVE-1999-1510.json index a3f9397b479..e31a41a0281 100644 --- a/1999/1xxx/CVE-1999-1510.json +++ b/1999/1xxx/CVE-1999-1510.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990517 Vulnerabilities in BisonWare FTP Server 3.5", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=92697301706956&w=2" - }, - { - "name" : "bisonware-command-bo(3234)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990517 Vulnerabilities in BisonWare FTP Server 3.5", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=92697301706956&w=2" + }, + { + "name": "bisonware-command-bo(3234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3234" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0124.json b/2000/0xxx/CVE-2000-0124.json index 2be50c7861b..66fc7d6cc7e 100644 --- a/2000/0xxx/CVE-2000-0124.json +++ b/2000/0xxx/CVE-2000-0124.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/965" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0340.json b/2000/0xxx/CVE-2000-0340.json index 3ece9631094..42cc128b0c4 100644 --- a/2000/0xxx/CVE-2000-0340.json +++ b/2000/0xxx/CVE-2000-0340.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000428 SuSE 6.3 Gnomelib buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub" - }, - { - "name" : "http://www.suse.com/us/support/download/updates/axp_63.html", - "refsource" : "CONFIRM", - "url" : "http://www.suse.com/us/support/download/updates/axp_63.html" - }, - { - "name" : "1155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1155" + }, + { + "name": "http://www.suse.com/us/support/download/updates/axp_63.html", + "refsource": "CONFIRM", + "url": "http://www.suse.com/us/support/download/updates/axp_63.html" + }, + { + "name": "20000428 SuSE 6.3 Gnomelib buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0573.json b/2000/0xxx/CVE-2000-0573.json index aa8df4b66f8..8e3af836207 100644 --- a/2000/0xxx/CVE-2000-0573.json +++ b/2000/0xxx/CVE-2000-0573.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000622 WuFTPD: Providing *remote* root since at least1994", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=96171893218000&w=2" - }, - { - "name" : "20000623 WUFTPD 2.6.0 remote root exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=96179429114160&w=2" - }, - { - "name" : "20000707 New Released Version of the WuFTPD Sploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=96299933720862&w=2" - }, - { - "name" : "20000623 ftpd: the advisory version", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com" - }, - { - "name" : "AA-2000.02", - "refsource" : "AUSCERT", - "url" : "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02" - }, - { - "name" : "CA-2000-13", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2000-13.html" - }, - { - "name" : "CSSA-2000-020.0", - "refsource" : "CALDERA", - "url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt" - }, - { - "name" : "RHSA-2000:039", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-039.html" - }, - { - "name" : "20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html" - }, - { - "name" : "20000702 [Security Announce] wu-ftpd update", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html" - }, - { - "name" : "FreeBSD-SA-00:29", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1" - }, - { - "name" : "NetBSD-SA2000-009", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc" - }, - { - "name" : "1387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1387" - }, - { - "name" : "wuftp-format-string-stack-overwrite(4773)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2000-13", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2000-13.html" + }, + { + "name": "20000707 New Released Version of the WuFTPD Sploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=96299933720862&w=2" + }, + { + "name": "RHSA-2000:039", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-039.html" + }, + { + "name": "CSSA-2000-020.0", + "refsource": "CALDERA", + "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt" + }, + { + "name": "20000622 WuFTPD: Providing *remote* root since at least1994", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=96171893218000&w=2" + }, + { + "name": "20000702 [Security Announce] wu-ftpd update", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html" + }, + { + "name": "20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html" + }, + { + "name": "1387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1387" + }, + { + "name": "FreeBSD-SA-00:29", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1" + }, + { + "name": "AA-2000.02", + "refsource": "AUSCERT", + "url": "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02" + }, + { + "name": "20000623 WUFTPD 2.6.0 remote root exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=96179429114160&w=2" + }, + { + "name": "NetBSD-SA2000-009", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc" + }, + { + "name": "20000623 ftpd: the advisory version", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com" + }, + { + "name": "wuftp-format-string-stack-overwrite(4773)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4773" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0778.json b/2000/0xxx/CVE-2000-0778.json index d31df132bd6..c1ae43c3573 100644 --- a/2000/0xxx/CVE-2000-0778.json +++ b/2000/0xxx/CVE-2000-0778.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a \"Translate: f\" header, aka the \"Specialized Header\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-058" - }, - { - "name" : "20000815 Translate:f summary, history and thoughts", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz" - }, - { - "name" : "20000816 Translate: f", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212" - }, - { - "name" : "1578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1578" - }, - { - "name" : "oval:org.mitre.oval:def:927", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a \"Translate: f\" header, aka the \"Specialized Header\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000816 Translate: f", + "refsource": "NTBUGTRAQ", + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212" + }, + { + "name": "MS00-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-058" + }, + { + "name": "20000815 Translate:f summary, history and thoughts", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz" + }, + { + "name": "1578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1578" + }, + { + "name": "oval:org.mitre.oval:def:927", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A927" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0844.json b/2000/0xxx/CVE-2000-0844.json index 45d58ca8c2d..d3112787af6 100644 --- a/2000/0xxx/CVE-2000-0844.json +++ b/2000/0xxx/CVE-2000-0844.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000904 UNIX locale format string vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html" - }, - { - "name" : "20000902 glibc: local root exploit", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2000/20000902" - }, - { - "name" : "CSSA-2000-030.0", - "refsource" : "CALDERA", - "url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt" - }, - { - "name" : "RHSA-2000:057", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-057.html" - }, - { - "name" : "20000906 glibc locale security problem", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html" - }, - { - "name" : "TLSA2000020-1", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html" - }, - { - "name" : "IY13753", - "refsource" : "AIXAPAR", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html" - }, - { - "name" : "SSRT0689U", - "refsource" : "COMPAQ", - "url" : "http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html" - }, - { - "name" : "20000901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P" - }, - { - "name" : "20000902 Conectiva Linux Security Announcement - glibc", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html" - }, - { - "name" : "1634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1634" - }, - { - "name" : "unix-locale-format-string(5176)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2000:057", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-057.html" + }, + { + "name": "20000906 glibc locale security problem", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html" + }, + { + "name": "20000902 Conectiva Linux Security Announcement - glibc", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html" + }, + { + "name": "SSRT0689U", + "refsource": "COMPAQ", + "url": "http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html" + }, + { + "name": "TLSA2000020-1", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html" + }, + { + "name": "20000902 glibc: local root exploit", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2000/20000902" + }, + { + "name": "20000904 UNIX locale format string vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html" + }, + { + "name": "IY13753", + "refsource": "AIXAPAR", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html" + }, + { + "name": "1634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1634" + }, + { + "name": "CSSA-2000-030.0", + "refsource": "CALDERA", + "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt" + }, + { + "name": "unix-locale-format-string(5176)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5176" + }, + { + "name": "20000901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0929.json b/2000/0xxx/CVE-2000-0929.json index b8c47490642..993b74221b7 100644 --- a/2000/0xxx/CVE-2000-0929.json +++ b/2000/0xxx/CVE-2000-0929.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the \"OCX Attachment\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000929 Malformed Embedded Windows Media Player 7 \"OCX Attachment\"", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97024839222747&w=2" - }, - { - "name" : "MS00-068", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-068" - }, - { - "name" : "1714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1714" - }, - { - "name" : "mediaplayer-outlook-dos(5309)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the \"OCX Attachment\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS00-068", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-068" + }, + { + "name": "20000929 Malformed Embedded Windows Media Player 7 \"OCX Attachment\"", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97024839222747&w=2" + }, + { + "name": "mediaplayer-outlook-dos(5309)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5309" + }, + { + "name": "1714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1714" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0984.json b/2000/0xxx/CVE-2000-0984.json index 6c6c4d9b138..8114dfa39bb 100644 --- a/2000/0xxx/CVE-2000-0984.json +++ b/2000/0xxx/CVE-2000-0984.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001025 Cisco IOS HTTP Server Query Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml" - }, - { - "name" : "1838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1838" - }, - { - "name" : "cisco-ios-query-dos(5412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001025 Cisco IOS HTTP Server Query Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml" + }, + { + "name": "1838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1838" + }, + { + "name": "cisco-ios-query-dos(5412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1099.json b/2000/1xxx/CVE-2000-1099.json index b6ecac4ca0d..b77cc17dae1 100644 --- a/2000/1xxx/CVE-2000-1099.json +++ b/2000/1xxx/CVE-2000-1099.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "00199", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba" - }, - { - "name" : "HPSBUX0011-132", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0011-132" - }, - { - "name" : "jdk-untrusted-java-class(5605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5605" - }, - { - "name" : "7255", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7255", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7255" + }, + { + "name": "00199", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba" + }, + { + "name": "jdk-untrusted-java-class(5605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5605" + }, + { + "name": "HPSBUX0011-132", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0011-132" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2244.json b/2005/2xxx/CVE-2005-2244.json index ea7f668cbae..e8e85981fa1 100644 --- a/2005/2xxx/CVE-2005-2244.json +++ b/2005/2xxx/CVE-2005-2244.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050712 Cisco CallManager Memory Handling Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml" - }, - { - "name" : "14255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14255" - }, - { - "name" : "malloc-return-value-dos(19053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "malloc-return-value-dos(19053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19053" + }, + { + "name": "20050712 Cisco CallManager Memory Handling Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml" + }, + { + "name": "14255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14255" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2373.json b/2005/2xxx/CVE-2005-2373.json index 703b74eda00..23df6d0f32e 100644 --- a/2005/2xxx/CVE-2005-2373.json +++ b/2005/2xxx/CVE-2005-2373.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050721 Arbitrary code execution in SlimFTPd v3.16", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112196537312610&w=2" - }, - { - "name" : "http://www.whitsoftdev.com/slimftpd/", - "refsource" : "CONFIRM", - "url" : "http://www.whitsoftdev.com/slimftpd/" - }, - { - "name" : "1014542", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014542" - }, - { - "name" : "16177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014542", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014542" + }, + { + "name": "http://www.whitsoftdev.com/slimftpd/", + "refsource": "CONFIRM", + "url": "http://www.whitsoftdev.com/slimftpd/" + }, + { + "name": "16177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16177" + }, + { + "name": "20050721 Arbitrary code execution in SlimFTPd v3.16", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112196537312610&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2569.json b/2005/2xxx/CVE-2005-2569.json index e1cc52a9e9b..8a1aba294ec 100644 --- a/2005/2xxx/CVE-2005-2569.json +++ b/2005/2xxx/CVE-2005-2569.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050808 FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112360702307424&w=2" - }, - { - "name" : "20050813 Re: FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112413891603018&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050808 FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112360702307424&w=2" + }, + { + "name": "20050813 Re: FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112413891603018&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3062.json b/2005/3xxx/CVE-2005-3062.json index 107f7eb5ec7..6decda5f08f 100644 --- a/2005/3xxx/CVE-2005-3062.json +++ b/2005/3xxx/CVE-2005-3062.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050924 AlstraSoft E-Friends Remote Command Exucetion", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112758134227112&w=2" - }, - { - "name" : "14932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14932" - }, - { - "name" : "16941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16941/" - }, - { - "name" : "22", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/22" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16941/" + }, + { + "name": "22", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/22" + }, + { + "name": "20050924 AlstraSoft E-Friends Remote Command Exucetion", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112758134227112&w=2" + }, + { + "name": "14932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14932" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3236.json b/2005/3xxx/CVE-2005-3236.json index 001985cf8b0..07f2ad14e44 100644 --- a/2005/3xxx/CVE-2005-3236.json +++ b/2005/3xxx/CVE-2005-3236.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051008 Cyphor 0.19 SQL Injection / Board takeover / cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879353805769&w=2" - }, - { - "name" : "15047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15047" - }, - { - "name" : "19943", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19943" - }, - { - "name" : "19944", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19944" - }, - { - "name" : "19945", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19945" - }, - { - "name" : "1015020", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015020" - }, - { - "name" : "17104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17104/" - }, - { - "name" : "70", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/70" - }, - { - "name" : "cyphor-lostpwd-newmsg-sql-injection(22552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015020", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015020" + }, + { + "name": "19944", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19944" + }, + { + "name": "cyphor-lostpwd-newmsg-sql-injection(22552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22552" + }, + { + "name": "70", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/70" + }, + { + "name": "19945", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19945" + }, + { + "name": "17104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17104/" + }, + { + "name": "19943", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19943" + }, + { + "name": "15047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15047" + }, + { + "name": "20051008 Cyphor 0.19 SQL Injection / Board takeover / cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879353805769&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3444.json b/2005/3xxx/CVE-2005-3444.json index 8b9ff3e70a7..2b240f2751e 100644 --- a/2005/3xxx/CVE-2005-3444.json +++ b/2005/3xxx/CVE-2005-3444.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3730.json b/2005/3xxx/CVE-2005-3730.json index 140865ce13d..5bda4ea323d 100644 --- a/2005/3xxx/CVE-2005-3730.json +++ b/2005/3xxx/CVE-2005-3730.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html" - }, - { - "name" : "15484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15484" - }, - { - "name" : "20922", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20922" - }, - { - "name" : "1015231", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015231" - }, - { - "name" : "17623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html" + }, + { + "name": "17623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17623" + }, + { + "name": "15484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15484" + }, + { + "name": "20922", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20922" + }, + { + "name": "1015231", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015231" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3953.json b/2005/3xxx/CVE-2005-3953.json index 0dcc78e867a..44475c839e8 100644 --- a/2005/3xxx/CVE-2005-3953.json +++ b/2005/3xxx/CVE-2005-3953.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html" - }, - { - "name" : "15583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15583" - }, - { - "name" : "21174", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21174" - }, - { - "name" : "21175", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21175" - }, - { - "name" : "21176", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21176" - }, - { - "name" : "17760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15583" + }, + { + "name": "17760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17760" + }, + { + "name": "21175", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21175" + }, + { + "name": "21176", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21176" + }, + { + "name": "21174", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21174" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4501.json b/2005/4xxx/CVE-2005-4501.json index 71b47ab192c..989d33c5fb5 100644 --- a/2005/4xxx/CVE-2005-4501.json +++ b/2005/4xxx/CVE-2005-4501.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki before 1.5.4 uses a hard-coded \"internal placeholder string\", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mediawiki.org/wiki/Download", - "refsource" : "CONFIRM", - "url" : "http://www.mediawiki.org/wiki/Download" - }, - { - "name" : "SUSE-SR:2006:003", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html" - }, - { - "name" : "16032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16032" - }, - { - "name" : "ADV-2005-3059", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3059" - }, - { - "name" : "18219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18219" - }, - { - "name" : "18717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18717" - }, - { - "name" : "mediawiki-placeholder-bypass-security(23882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki before 1.5.4 uses a hard-coded \"internal placeholder string\", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mediawiki.org/wiki/Download", + "refsource": "CONFIRM", + "url": "http://www.mediawiki.org/wiki/Download" + }, + { + "name": "ADV-2005-3059", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3059" + }, + { + "name": "18219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18219" + }, + { + "name": "mediawiki-placeholder-bypass-security(23882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23882" + }, + { + "name": "SUSE-SR:2006:003", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html" + }, + { + "name": "16032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16032" + }, + { + "name": "18717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18717" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2237.json b/2009/2xxx/CVE-2009-2237.json index f8b998db6b2..606f96ae4b8 100644 --- a/2009/2xxx/CVE-2009-2237.json +++ b/2009/2xxx/CVE-2009-2237.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify \"nodes or classes of nodes\" via unknown vectors, probably related to registered procedures (aka actions)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/468450", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/468450" - }, - { - "name" : "35051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35051" - }, - { - "name" : "35117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35117" - }, - { - "name" : "viewsbulk-unspecified-security-bypass(50659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify \"nodes or classes of nodes\" via unknown vectors, probably related to registered procedures (aka actions)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/468450", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/468450" + }, + { + "name": "viewsbulk-unspecified-security-bypass(50659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50659" + }, + { + "name": "35051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35051" + }, + { + "name": "35117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35117" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2331.json b/2009/2xxx/CVE-2009-2331.json index 8d567291d0e..820188887e7 100644 --- a/2009/2xxx/CVE-2009-2331.json +++ b/2009/2xxx/CVE-2009-2331.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9069", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9069" - }, - { - "name" : "55672", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55672" - }, - { - "name" : "55673", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9069", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9069" + }, + { + "name": "55672", + "refsource": "OSVDB", + "url": "http://osvdb.org/55672" + }, + { + "name": "55673", + "refsource": "OSVDB", + "url": "http://osvdb.org/55673" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2361.json b/2009/2xxx/CVE-2009-2361.json index b8200a2ab5c..d5b96514a41 100644 --- a/2009/2xxx/CVE-2009-2361.json +++ b/2009/2xxx/CVE-2009-2361.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090627 osTicket v1.6 RC4 Admin Login Blind SQLi", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504615/100/0/threaded" - }, - { - "name" : "9032", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9032" - }, - { - "name" : "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/", - "refsource" : "MISC", - "url" : "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/" - }, - { - "name" : "http://osticket.com/forums/project.php?issueid=118", - "refsource" : "CONFIRM", - "url" : "http://osticket.com/forums/project.php?issueid=118" - }, - { - "name" : "35516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35516" - }, - { - "name" : "55472", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55472" - }, - { - "name" : "1022480", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022480" - }, - { - "name" : "35629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35629" - }, - { - "name" : "ADV-2009-1726", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1726" - }, - { - "name" : "osticket-username-sql-injection(51417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://osticket.com/forums/project.php?issueid=118", + "refsource": "CONFIRM", + "url": "http://osticket.com/forums/project.php?issueid=118" + }, + { + "name": "55472", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55472" + }, + { + "name": "9032", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9032" + }, + { + "name": "20090627 osTicket v1.6 RC4 Admin Login Blind SQLi", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504615/100/0/threaded" + }, + { + "name": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/", + "refsource": "MISC", + "url": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/" + }, + { + "name": "35516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35516" + }, + { + "name": "osticket-username-sql-injection(51417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51417" + }, + { + "name": "1022480", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022480" + }, + { + "name": "ADV-2009-1726", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1726" + }, + { + "name": "35629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35629" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2691.json b/2009/2xxx/CVE-2009-2691.json index 0a29fba8767..afe6760dcf9 100644 --- a/2009/2xxx/CVE-2009-2691.json +++ b/2009/2xxx/CVE-2009-2691.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20090623 [PATCH 0/1] mm_for_maps: simplify, use ptrace_may_access()", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2009/6/23/652" - }, - { - "name" : "[linux-kernel] 20090623 [PATCH 1/1] mm_for_maps: simplify, use ptrace_may_access()", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2009/6/23/653" - }, - { - "name" : "[linux-kernel] 20090710 [PATCH 1/2] mm_for_maps: shift down_read(mmap_sem) to the caller", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=124718946021193" - }, - { - "name" : "[linux-kernel] 20090710 [PATCH 2/2] mm_for_maps: take ->cred_guard_mutex to fix the race", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=124718949821250" - }, - { - "name" : "[oss-security] 20090811 CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/08/11/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=00f89d218523b9bf6b522349c039d5ac80aa536d", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=00f89d218523b9bf6b522349c039d5ac80aa536d" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13f0feafa6b8aead57a2a328e2fca6a5828bf286", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13f0feafa6b8aead57a2a328e2fca6a5828bf286" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=704b836cbf19e885f8366bccb2e4b0474346c02d", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=704b836cbf19e885f8366bccb2e4b0474346c02d" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=516171", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=516171" - }, - { - "name" : "DSA-2005", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2005" - }, - { - "name" : "FEDORA-2009-9044", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html" - }, - { - "name" : "RHSA-2009:1540", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1540.html" - }, - { - "name" : "36019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36019" - }, - { - "name" : "36265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36265" - }, - { - "name" : "36501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36501" - }, - { - "name" : "ADV-2009-2246", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2246" - }, - { - "name" : "linux-kernel-mmformaps-info-disclosure(52401)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[linux-kernel] 20090623 [PATCH 1/1] mm_for_maps: simplify, use ptrace_may_access()", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2009/6/23/653" + }, + { + "name": "36265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36265" + }, + { + "name": "[linux-kernel] 20090623 [PATCH 0/1] mm_for_maps: simplify, use ptrace_may_access()", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2009/6/23/652" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=516171", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516171" + }, + { + "name": "RHSA-2009:1540", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html" + }, + { + "name": "36019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36019" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=00f89d218523b9bf6b522349c039d5ac80aa536d", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=00f89d218523b9bf6b522349c039d5ac80aa536d" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=704b836cbf19e885f8366bccb2e4b0474346c02d", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=704b836cbf19e885f8366bccb2e4b0474346c02d" + }, + { + "name": "[oss-security] 20090811 CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/08/11/1" + }, + { + "name": "[linux-kernel] 20090710 [PATCH 1/2] mm_for_maps: shift down_read(mmap_sem) to the caller", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=124718946021193" + }, + { + "name": "FEDORA-2009-9044", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html" + }, + { + "name": "ADV-2009-2246", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2246" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13f0feafa6b8aead57a2a328e2fca6a5828bf286", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13f0feafa6b8aead57a2a328e2fca6a5828bf286" + }, + { + "name": "36501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36501" + }, + { + "name": "DSA-2005", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2005" + }, + { + "name": "linux-kernel-mmformaps-info-disclosure(52401)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52401" + }, + { + "name": "[linux-kernel] 20090710 [PATCH 2/2] mm_for_maps: take ->cred_guard_mutex to fix the race", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=124718949821250" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2905.json b/2009/2xxx/CVE-2009-2905.json index 03000553f39..0d51c895fd5 100644 --- a/2009/2xxx/CVE-2009-2905.json +++ b/2009/2xxx/CVE-2009-2905.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - }, - { - "name" : "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz", - "refsource" : "CONFIRM", - "url" : "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=523955", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=523955" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100067251", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100067251" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-1894", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1894" - }, - { - "name" : "RHSA-2009:1463", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1463.html" - }, - { - "name" : "SUSE-SR:2009:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" - }, - { - "name" : "USN-837-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-837-1" - }, - { - "name" : "36515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36515" - }, - { - "name" : "oval:org.mitre.oval:def:8556", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8556" - }, - { - "name" : "oval:org.mitre.oval:def:9664", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9664" - }, - { - "name" : "37922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37922" - }, - { - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "38833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38833" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "DSA-1894", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1894" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=523955", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=523955" + }, + { + "name": "RHSA-2009:1463", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1463.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100067251", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100067251" + }, + { + "name": "36515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36515" + }, + { + "name": "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz" + }, + { + "name": "oval:org.mitre.oval:def:8556", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8556" + }, + { + "name": "oval:org.mitre.oval:def:9664", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9664" + }, + { + "name": "37922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37922" + }, + { + "name": "USN-837-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-837-1" + }, + { + "name": "38833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38833" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "SUSE-SR:2009:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" + }, + { + "name": "ADV-2010-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3457.json b/2009/3xxx/CVE-2009-3457.json index b23ea1065a6..2bae3a8e37f 100644 --- a/2009/3xxx/CVE-2009-3457.json +++ b/2009/3xxx/CVE-2009-3457.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090925 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506716/100/0/threaded" - }, - { - "name" : "20090924 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2009/Sep/0369.html" - }, - { - "name" : "http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt", - "refsource" : "MISC", - "url" : "http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt" - }, - { - "name" : "20090925 Unmatched Request Discloses Client Internal IP Address", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080af8965.html" - }, - { - "name" : "36522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36522" - }, - { - "name" : "1022949", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022949" - }, - { - "name" : "36879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36879" - }, - { - "name" : "ADV-2009-2778", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2778" - }, - { - "name" : "cisco-ace-ipaddress-info-disclosure(53482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt", + "refsource": "MISC", + "url": "http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt" + }, + { + "name": "20090925 Unmatched Request Discloses Client Internal IP Address", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080af8965.html" + }, + { + "name": "20090924 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2009/Sep/0369.html" + }, + { + "name": "ADV-2009-2778", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2778" + }, + { + "name": "cisco-ace-ipaddress-info-disclosure(53482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53482" + }, + { + "name": "20090925 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506716/100/0/threaded" + }, + { + "name": "36522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36522" + }, + { + "name": "36879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36879" + }, + { + "name": "1022949", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022949" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3608.json b/2009/3xxx/CVE-2009-3608.json index a4afec1a93f..bf21e562456 100644 --- a/2009/3xxx/CVE-2009-3608.json +++ b/2009/3xxx/CVE-2009-3608.json @@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091130 Need more information on recent poppler issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/01/1" - }, - { - "name" : "[oss-security] 20091130 Re: Need more information on recent poppler issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/01/5" - }, - { - "name" : "[oss-security] 20091201 Re: Need more information on recent poppler issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/01/6" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2009-016.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2009-016.html" - }, - { - "name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" - }, - { - "name" : "http://poppler.freedesktop.org/", - "refsource" : "CONFIRM", - "url" : "http://poppler.freedesktop.org/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=526637", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=526637" - }, - { - "name" : "DSA-1941", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1941" - }, - { - "name" : "DSA-2028", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2028" - }, - { - "name" : "DSA-2050", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2050" - }, - { - "name" : "FEDORA-2009-10823", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" - }, - { - "name" : "FEDORA-2009-10845", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" - }, - { - "name" : "FEDORA-2010-1377", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" - }, - { - "name" : "FEDORA-2010-1805", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" - }, - { - "name" : "FEDORA-2010-1842", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" - }, - { - "name" : "MDVSA-2009:287", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" - }, - { - "name" : "MDVSA-2009:334", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" - }, - { - "name" : "MDVSA-2011:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" - }, - { - "name" : "RHSA-2009:1501", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1501.html" - }, - { - "name" : "RHSA-2009:1502", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1502.html" - }, - { - "name" : "RHSA-2009:1503", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1503.html" - }, - { - "name" : "RHSA-2009:1504", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1504.html" - }, - { - "name" : "RHSA-2009:1512", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1512.html" - }, - { - "name" : "RHSA-2009:1513", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1513.html" - }, - { - "name" : "274030", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" - }, - { - "name" : "1021706", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" - }, - { - "name" : "SUSE-SR:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" - }, - { - "name" : "USN-850-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-850-1" - }, - { - "name" : "USN-850-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-850-3" - }, - { - "name" : "36703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36703" - }, - { - "name" : "oval:org.mitre.oval:def:9536", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536" - }, - { - "name" : "1023029", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023029" - }, - { - "name" : "37028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37028" - }, - { - "name" : "37034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37034" - }, - { - "name" : "37037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37037" - }, - { - "name" : "37043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37043" - }, - { - "name" : "37051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37051" - }, - { - "name" : "37053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37053" - }, - { - "name" : "37054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37054" - }, - { - "name" : "37061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37061" - }, - { - "name" : "37077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37077" - }, - { - "name" : "37079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37079" - }, - { - "name" : "37159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37159" - }, - { - "name" : "37114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37114" - }, - { - "name" : "39327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39327" - }, - { - "name" : "39938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39938" - }, - { - "name" : "ADV-2009-2924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2924" - }, - { - "name" : "ADV-2009-2925", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2925" - }, - { - "name" : "ADV-2009-2926", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2926" - }, - { - "name" : "ADV-2009-2928", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2928" - }, - { - "name" : "ADV-2010-0802", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0802" - }, - { - "name" : "ADV-2010-1220", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1220" - }, - { - "name" : "xpdf-objectstream-bo(53794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39938" + }, + { + "name": "RHSA-2009:1504", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" + }, + { + "name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" + }, + { + "name": "DSA-1941", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1941" + }, + { + "name": "MDVSA-2009:287", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526637", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637" + }, + { + "name": "[oss-security] 20091201 Re: Need more information on recent poppler issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/01/6" + }, + { + "name": "37028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37028" + }, + { + "name": "FEDORA-2010-1377", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" + }, + { + "name": "FEDORA-2009-10823", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" + }, + { + "name": "http://poppler.freedesktop.org/", + "refsource": "CONFIRM", + "url": "http://poppler.freedesktop.org/" + }, + { + "name": "RHSA-2009:1501", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" + }, + { + "name": "37079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37079" + }, + { + "name": "SUSE-SR:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" + }, + { + "name": "DSA-2028", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2028" + }, + { + "name": "DSA-2050", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2050" + }, + { + "name": "[oss-security] 20091130 Need more information on recent poppler issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/01/1" + }, + { + "name": "37159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37159" + }, + { + "name": "37054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37054" + }, + { + "name": "FEDORA-2010-1805", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" + }, + { + "name": "1021706", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" + }, + { + "name": "FEDORA-2009-10845", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" + }, + { + "name": "RHSA-2009:1512", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" + }, + { + "name": "37114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37114" + }, + { + "name": "37077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37077" + }, + { + "name": "1023029", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023029" + }, + { + "name": "RHSA-2009:1503", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" + }, + { + "name": "ADV-2009-2926", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2926" + }, + { + "name": "MDVSA-2011:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" + }, + { + "name": "37037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37037" + }, + { + "name": "USN-850-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-850-3" + }, + { + "name": "ADV-2010-0802", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0802" + }, + { + "name": "RHSA-2009:1502", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" + }, + { + "name": "FEDORA-2010-1842", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" + }, + { + "name": "xpdf-objectstream-bo(53794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794" + }, + { + "name": "ADV-2009-2928", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2928" + }, + { + "name": "RHSA-2009:1513", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" + }, + { + "name": "37034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37034" + }, + { + "name": "[oss-security] 20091130 Re: Need more information on recent poppler issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/01/5" + }, + { + "name": "ADV-2009-2924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2924" + }, + { + "name": "37051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37051" + }, + { + "name": "274030", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" + }, + { + "name": "ADV-2010-1220", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1220" + }, + { + "name": "USN-850-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-850-1" + }, + { + "name": "37053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37053" + }, + { + "name": "37061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37061" + }, + { + "name": "39327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39327" + }, + { + "name": "37043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37043" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2009-016.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2009-016.html" + }, + { + "name": "oval:org.mitre.oval:def:9536", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536" + }, + { + "name": "36703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36703" + }, + { + "name": "ADV-2009-2925", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2925" + }, + { + "name": "MDVSA-2009:334", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3731.json b/2009/3xxx/CVE-2009-3731.json index 08e2e960a50..033790dccf2 100644 --- a/2009/3xxx/CVE-2009-3731.json +++ b/2009/3xxx/CVE-2009-3731.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html" - }, - { - "name" : "20100304 CA20100304-01: Security Notice for CA SiteMinder", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509883/100/0/threaded" - }, - { - "name" : "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2009/000073.html" - }, - { - "name" : "http://www.webworks.com/Security/2009-0001/", - "refsource" : "CONFIRM", - "url" : "http://www.webworks.com/Security/2009-0001/" - }, - { - "name" : "37346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37346" - }, - { - "name" : "62738", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62738" - }, - { - "name" : "62739", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62739" - }, - { - "name" : "62740", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62740" - }, - { - "name" : "62741", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62741" - }, - { - "name" : "62742", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62742" - }, - { - "name" : "oval:org.mitre.oval:def:5944", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944" - }, - { - "name" : "1023683", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023683" - }, - { - "name" : "38749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38749" - }, - { - "name" : "38842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html" + }, + { + "name": "http://www.webworks.com/Security/2009-0001/", + "refsource": "CONFIRM", + "url": "http://www.webworks.com/Security/2009-0001/" + }, + { + "name": "1023683", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023683" + }, + { + "name": "62738", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62738" + }, + { + "name": "37346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37346" + }, + { + "name": "38749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38749" + }, + { + "name": "62742", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62742" + }, + { + "name": "oval:org.mitre.oval:def:5944", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944" + }, + { + "name": "20100304 CA20100304-01: Security Notice for CA SiteMinder", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded" + }, + { + "name": "62741", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62741" + }, + { + "name": "38842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38842" + }, + { + "name": "62739", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62739" + }, + { + "name": "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html" + }, + { + "name": "62740", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62740" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3939.json b/2009/3xxx/CVE-2009-3939.json index 21f070c3b0c..b7c815127ee 100644 --- a/2009/3xxx/CVE-2009-3939.json +++ b/2009/3xxx/CVE-2009-3939.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/13/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=526068", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=526068" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100073666", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100073666" - }, - { - "name" : "DSA-1996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1996" - }, - { - "name" : "RHSA-2010:0046", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0046.html" - }, - { - "name" : "RHSA-2010:0095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html" - }, - { - "name" : "SUSE-SA:2009:061", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" - }, - { - "name" : "SUSE-SA:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" - }, - { - "name" : "SUSE-SA:2010:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" - }, - { - "name" : "USN-864-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-864-1" - }, - { - "name" : "37019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37019" - }, - { - "name" : "60201", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60201" - }, - { - "name" : "oval:org.mitre.oval:def:10310", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310" - }, - { - "name" : "oval:org.mitre.oval:def:7540", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540" - }, - { - "name" : "37909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37909" - }, - { - "name" : "38017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38017" - }, - { - "name" : "38492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38492" - }, - { - "name" : "38276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38276" - }, - { - "name" : "38779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38276" + }, + { + "name": "SUSE-SA:2009:061", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html" + }, + { + "name": "USN-864-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-864-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526068", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068" + }, + { + "name": "SUSE-SA:2010:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" + }, + { + "name": "38779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38779" + }, + { + "name": "37019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37019" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100073666", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100073666" + }, + { + "name": "SUSE-SA:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" + }, + { + "name": "37909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37909" + }, + { + "name": "SUSE-SA:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" + }, + { + "name": "SUSE-SA:2009:064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html" + }, + { + "name": "DSA-1996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1996" + }, + { + "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1" + }, + { + "name": "oval:org.mitre.oval:def:10310", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310" + }, + { + "name": "RHSA-2010:0095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" + }, + { + "name": "SUSE-SA:2010:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" + }, + { + "name": "60201", + "refsource": "OSVDB", + "url": "http://osvdb.org/60201" + }, + { + "name": "RHSA-2010:0046", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html" + }, + { + "name": "oval:org.mitre.oval:def:7540", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540" + }, + { + "name": "SUSE-SA:2010:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" + }, + { + "name": "38017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38017" + }, + { + "name": "38492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38492" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0163.json b/2015/0xxx/CVE-2015-0163.json index 127bea11928..a5401fc37f3 100644 --- a/2015/0xxx/CVE-2015-0163.json +++ b/2015/0xxx/CVE-2015-0163.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0163", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-0163", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0349.json b/2015/0xxx/CVE-2015-0349.json index 6308a6adfb6..4ef13529273 100644 --- a/2015/0xxx/CVE-2015-0349.json +++ b/2015/0xxx/CVE-2015-0349.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html" - }, - { - "name" : "GLSA-201504-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-07" - }, - { - "name" : "RHSA-2015:0813", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0813.html" - }, - { - "name" : "SUSE-SU-2015:0722", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html" - }, - { - "name" : "SUSE-SU-2015:0723", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:0718", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0725", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" - }, - { - "name" : "74064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74064" - }, - { - "name" : "1032105", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0718", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html" + }, + { + "name": "SUSE-SU-2015:0722", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html" + }, + { + "name": "GLSA-201504-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-07" + }, + { + "name": "1032105", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032105" + }, + { + "name": "RHSA-2015:0813", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0813.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html" + }, + { + "name": "openSUSE-SU-2015:0725", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" + }, + { + "name": "74064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74064" + }, + { + "name": "SUSE-SU-2015:0723", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0422.json b/2015/0xxx/CVE-2015-0422.json index 044e9786fd4..2d044a4d6fc 100644 --- a/2015/0xxx/CVE-2015-0422.json +++ b/2015/0xxx/CVE-2015-0422.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72127" - }, - { - "name" : "1031576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031576" - }, - { - "name" : "62506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62506" - }, - { - "name" : "oracle-cpujan2015-cve20150422(100108)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "62506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62506" + }, + { + "name": "1031576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031576" + }, + { + "name": "72127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72127" + }, + { + "name": "oracle-cpujan2015-cve20150422(100108)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100108" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0594.json b/2015/0xxx/CVE-2015-0594.json index f1eecde0e7e..6386b980610 100644 --- a/2015/0xxx/CVE-2015-0594.json +++ b/2015/0xxx/CVE-2015-0594.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150226 Cisco Common Services Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0594" - }, - { - "name" : "72793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72793" - }, - { - "name" : "1031813", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031813" - }, - { - "name" : "1031814", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031813", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031813" + }, + { + "name": "1031814", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031814" + }, + { + "name": "20150226 Cisco Common Services Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0594" + }, + { + "name": "72793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72793" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1511.json b/2015/1xxx/CVE-2015-1511.json index a5939aa3d8b..a1631e953af 100644 --- a/2015/1xxx/CVE-2015-1511.json +++ b/2015/1xxx/CVE-2015-1511.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1511", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1511", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1633.json b/2015/1xxx/CVE-2015-1633.json index d504e3c84bb..4cbdc8cbf8a 100644 --- a/2015/1xxx/CVE-2015-1633.json +++ b/2015/1xxx/CVE-2015-1633.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-022", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022" - }, - { - "name" : "1031895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-022", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022" + }, + { + "name": "1031895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031895" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4370.json b/2015/4xxx/CVE-2015-4370.json index a90989aae2b..706880625be 100644 --- a/2015/4xxx/CVE-2015-4370.json +++ b/2015/4xxx/CVE-2015-4370.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2450387", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2450387" - }, - { - "name" : "https://www.drupal.org/node/2450321", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2450321" - }, - { - "name" : "73051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2450321", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2450321" + }, + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "73051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73051" + }, + { + "name": "https://www.drupal.org/node/2450387", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2450387" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4371.json b/2015/4xxx/CVE-2015-4371.json index 46e2afab827..d5683691e20 100644 --- a/2015/4xxx/CVE-2015-4371.json +++ b/2015/4xxx/CVE-2015-4371.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2450391", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2450391" - }, - { - "name" : "https://www.drupal.org/node/2449877", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2449877" - }, - { - "name" : "73050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2450391", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2450391" + }, + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "https://www.drupal.org/node/2449877", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2449877" + }, + { + "name": "73050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73050" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4434.json b/2015/4xxx/CVE-2015-4434.json index 9f2e3991b2b..31206fc99c6 100644 --- a/2015/4xxx/CVE-2015-4434.json +++ b/2015/4xxx/CVE-2015-4434.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4434", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4434", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4692.json b/2015/4xxx/CVE-2015-4692.json index 90cee95f3ea..ca4ce96ff8d 100644 --- a/2015/4xxx/CVE-2015-4692.json +++ b/2015/4xxx/CVE-2015-4692.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150620 Re: CVE request -- Linux kernel - kvm: x86: NULL pointer dereference in kvm_apic_has_events function", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/21/1" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1230770", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1230770" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009" - }, - { - "name" : "DSA-3329", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3329" - }, - { - "name" : "FEDORA-2015-10677", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160829.html" - }, - { - "name" : "FEDORA-2015-10678", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161144.html" - }, - { - "name" : "SUSE-SU-2015:1324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" - }, - { - "name" : "openSUSE-SU-2015:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" - }, - { - "name" : "USN-2680-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2680-1" - }, - { - "name" : "USN-2681-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2681-1" - }, - { - "name" : "USN-2682-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2682-1" - }, - { - "name" : "USN-2683-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2683-1" - }, - { - "name" : "USN-2684-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2684-1" - }, - { - "name" : "75142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75142" - }, - { - "name" : "1032798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150620 Re: CVE request -- Linux kernel - kvm: x86: NULL pointer dereference in kvm_apic_has_events function", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/21/1" + }, + { + "name": "USN-2680-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2680-1" + }, + { + "name": "USN-2682-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2682-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1230770", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230770" + }, + { + "name": "https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009" + }, + { + "name": "SUSE-SU-2015:1324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" + }, + { + "name": "DSA-3329", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3329" + }, + { + "name": "FEDORA-2015-10678", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161144.html" + }, + { + "name": "openSUSE-SU-2015:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" + }, + { + "name": "USN-2684-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2684-1" + }, + { + "name": "USN-2681-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2681-1" + }, + { + "name": "USN-2683-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2683-1" + }, + { + "name": "75142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75142" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009" + }, + { + "name": "1032798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032798" + }, + { + "name": "FEDORA-2015-10677", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160829.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4860.json b/2015/4xxx/CVE-2015-4860.json index 06a08ae0ade..d51652d8ced 100644 --- a/2015/4xxx/CVE-2015-4860.json +++ b/2015/4xxx/CVE-2015-4860.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3381", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3381" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "GLSA-201603-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-14" - }, - { - "name" : "RHSA-2016:1430", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1430" - }, - { - "name" : "RHSA-2015:2506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2506.html" - }, - { - "name" : "RHSA-2015:2507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2507.html" - }, - { - "name" : "RHSA-2015:2508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2508.html" - }, - { - "name" : "RHSA-2015:2509", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2509.html" - }, - { - "name" : "RHSA-2015:2518", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2518.html" - }, - { - "name" : "RHSA-2015:1919", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1919.html" - }, - { - "name" : "RHSA-2015:1920", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1920.html" - }, - { - "name" : "RHSA-2015:1921", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1921.html" - }, - { - "name" : "RHSA-2015:1926", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1926.html" - }, - { - "name" : "RHSA-2015:1927", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1927.html" - }, - { - "name" : "RHSA-2015:1928", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1928.html" - }, - { - "name" : "SUSE-SU-2016:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2016:0270", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" - }, - { - "name" : "SUSE-SU-2015:2166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:2168", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:2182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:2192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:2216", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:2268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html" - }, - { - "name" : "SUSE-SU-2015:1874", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:1875", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html" - }, - { - "name" : "openSUSE-SU-2015:1902", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html" - }, - { - "name" : "openSUSE-SU-2015:1905", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:1906", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html" - }, - { - "name" : "USN-2827-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2827-1" - }, - { - "name" : "USN-2784-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2784-1" - }, - { - "name" : "77162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77162" - }, - { - "name" : "1033884", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:2182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" + }, + { + "name": "USN-2784-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2784-1" + }, + { + "name": "openSUSE-SU-2015:1905", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html" + }, + { + "name": "SUSE-SU-2015:2192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" + }, + { + "name": "openSUSE-SU-2015:1906", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html" + }, + { + "name": "RHSA-2015:2507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2507.html" + }, + { + "name": "RHSA-2015:1928", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1928.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "RHSA-2016:1430", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1430" + }, + { + "name": "RHSA-2015:2506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2506.html" + }, + { + "name": "RHSA-2015:2509", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2509.html" + }, + { + "name": "1033884", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033884" + }, + { + "name": "SUSE-SU-2015:2166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "openSUSE-SU-2016:0270", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" + }, + { + "name": "RHSA-2015:1919", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1919.html" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "openSUSE-SU-2015:1902", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html" + }, + { + "name": "RHSA-2015:1920", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1920.html" + }, + { + "name": "RHSA-2015:2518", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2518.html" + }, + { + "name": "GLSA-201603-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-14" + }, + { + "name": "SUSE-SU-2015:2216", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" + }, + { + "name": "RHSA-2015:1927", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1927.html" + }, + { + "name": "openSUSE-SU-2015:1971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html" + }, + { + "name": "SUSE-SU-2015:2268", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html" + }, + { + "name": "SUSE-SU-2015:2168", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" + }, + { + "name": "RHSA-2015:1921", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1921.html" + }, + { + "name": "SUSE-SU-2015:1874", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html" + }, + { + "name": "DSA-3381", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3381" + }, + { + "name": "RHSA-2015:1926", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1926.html" + }, + { + "name": "77162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77162" + }, + { + "name": "SUSE-SU-2015:1875", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html" + }, + { + "name": "RHSA-2015:2508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2508.html" + }, + { + "name": "SUSE-SU-2016:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" + }, + { + "name": "USN-2827-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2827-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8657.json b/2015/8xxx/CVE-2015-8657.json index 25184ae831f..87b7dfb0258 100644 --- a/2015/8xxx/CVE-2015-8657.json +++ b/2015/8xxx/CVE-2015-8657.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-660", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-660" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "84160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "84160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84160" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-660", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-660" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9080.json b/2015/9xxx/CVE-2015-9080.json index 3943414b92d..00a8e23892f 100644 --- a/2015/9xxx/CVE-2015-9080.json +++ b/2015/9xxx/CVE-2015-9080.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9080", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9080", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9159.json b/2015/9xxx/CVE-2015-9159.json index cc032fc4c22..059e1111732 100644 --- a/2015/9xxx/CVE-2015-9159.json +++ b/2015/9xxx/CVE-2015-9159.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2404.json b/2018/2xxx/CVE-2018-2404.json index d66f472b440..e3ece2e54f3 100644 --- a/2018/2xxx/CVE-2018-2404.json +++ b/2018/2xxx/CVE-2018-2404.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Disclosure Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10.1" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 4.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unrestricted File Upload" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Disclosure Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.1" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2607052", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2607052" - }, - { - "name" : "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/" - }, - { - "name" : "103727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrestricted File Upload" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2607052", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2607052" + }, + { + "name": "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/" + }, + { + "name": "103727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103727" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2443.json b/2018/2xxx/CVE-2018-2443.json index f418b36c739..e4f3424d0d1 100644 --- a/2018/2xxx/CVE-2018-2443.json +++ b/2018/2xxx/CVE-2018-2443.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2443", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2443", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2718.json b/2018/2xxx/CVE-2018-2718.json index 2056b53752e..1bcbe6dad30 100644 --- a/2018/2xxx/CVE-2018-2718.json +++ b/2018/2xxx/CVE-2018-2718.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10" - }, - { - "version_affected" : "=", - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10" + }, + { + "version_affected": "=", + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103886", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103886" - }, - { - "name" : "1040702", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040702", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040702" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "103886", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103886" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3259.json b/2018/3xxx/CVE-2018-3259.json index 560f42907fb..6b12288f6d0 100644 --- a/2018/3xxx/CVE-2018-3259.json +++ b/2018/3xxx/CVE-2018-3259.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle Database", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.2.0.4" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0.1" - }, - { - "version_affected" : "=", - "version_value" : "18c" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.2.0.4" + }, + { + "version_affected": "=", + "version_value": "12.1.0.2" + }, + { + "version_affected": "=", + "version_value": "12.2.0.1" + }, + { + "version_affected": "=", + "version_value": "18c" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105648" - }, - { - "name" : "1041890", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041890", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041890" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105648" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6071.json b/2018/6xxx/CVE-2018-6071.json index 25517b3446b..3a06db5c2ac 100644 --- a/2018/6xxx/CVE-2018-6071.json +++ b/2018/6xxx/CVE-2018-6071.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "65.0.3325.146" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "65.0.3325.146" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/777318", - "refsource" : "MISC", - "url" : "https://crbug.com/777318" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "RHSA-2018:0484", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0484" - }, - { - "name" : "103297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/777318", + "refsource": "MISC", + "url": "https://crbug.com/777318" + }, + { + "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" + }, + { + "name": "103297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103297" + }, + { + "name": "RHSA-2018:0484", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0484" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6567.json b/2018/6xxx/CVE-2018-6567.json index 1f385b6b4fd..5184ed82929 100644 --- a/2018/6xxx/CVE-2018-6567.json +++ b/2018/6xxx/CVE-2018-6567.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6567", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6567", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6825.json b/2018/6xxx/CVE-2018-6825.json index c034e5fddf0..a732a88f09b 100644 --- a/2018/6xxx/CVE-2018-6825.json +++ b/2018/6xxx/CVE-2018-6825.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://stacksmashing.net/CVE-2018-6825.html", - "refsource" : "MISC", - "url" : "http://stacksmashing.net/CVE-2018-6825.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://stacksmashing.net/CVE-2018-6825.html", + "refsource": "MISC", + "url": "http://stacksmashing.net/CVE-2018-6825.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7043.json b/2018/7xxx/CVE-2018-7043.json index fb40716deae..cb6bfb4e583 100644 --- a/2018/7xxx/CVE-2018-7043.json +++ b/2018/7xxx/CVE-2018-7043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7043", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7043", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7108.json b/2018/7xxx/CVE-2018-7108.json index 27b93f5b976..b72b015c6df 100644 --- a/2018/7xxx/CVE-2018-7108.json +++ b/2018/7xxx/CVE-2018-7108.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE StorageWorks XP7 Automation Director (AutoDir)", - "version" : { - "version_data" : [ - { - "version_value" : "version 8.5.2-02 to earlier than 8.6.1-00" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Local and Remote Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE StorageWorks XP7 Automation Director (AutoDir)", + "version": { + "version_data": [ + { + "version_value": "version 8.5.2-02 to earlier than 8.6.1-00" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us" - }, - { - "name" : "1041696", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local and Remote Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us" + }, + { + "name": "1041696", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041696" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7156.json b/2018/7xxx/CVE-2018-7156.json index 7da77bca4fc..e75c8bd2d28 100644 --- a/2018/7xxx/CVE-2018-7156.json +++ b/2018/7xxx/CVE-2018-7156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7328.json b/2018/7xxx/CVE-2018-7328.json index 8e99ee1e89b..ff50dec1edc 100644 --- a/2018/7xxx/CVE-2018-7328.json +++ b/2018/7xxx/CVE-2018-7328.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "name" : "103158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-06.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" + }, + { + "name": "103158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103158" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7533.json b/2018/7xxx/CVE-2018-7533.json index 48c3ef97c66..83ecf235358 100644 --- a/2018/7xxx/CVE-2018-7533.json +++ b/2018/7xxx/CVE-2018-7533.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-7533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OSIsoft PI Data Archive", - "version" : { - "version_data" : [ - { - "version_value" : "OSIsoft PI Data Archive" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-276" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-7533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSIsoft PI Data Archive", + "version": { + "version_data": [ + { + "version_value": "OSIsoft PI Data Archive" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02" - }, - { - "name" : "103399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02" + }, + { + "name": "103399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103399" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5375.json b/2019/5xxx/CVE-2019-5375.json index 95e9f17712b..0ca1be92e00 100644 --- a/2019/5xxx/CVE-2019-5375.json +++ b/2019/5xxx/CVE-2019-5375.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5375", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5375", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5971.json b/2019/5xxx/CVE-2019-5971.json index 0ec2fba421b..a7f36d85dfe 100644 --- a/2019/5xxx/CVE-2019-5971.json +++ b/2019/5xxx/CVE-2019-5971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5971", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5971", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file