From f57e8a808539c8ab0d333a476547cf648620b5ff Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:49:08 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0248.json | 130 +++++------ 1999/0xxx/CVE-1999-0487.json | 120 +++++----- 1999/1xxx/CVE-1999-1213.json | 130 +++++------ 1999/1xxx/CVE-1999-1437.json | 140 ++++++------ 1999/1xxx/CVE-1999-1549.json | 130 +++++------ 2000/0xxx/CVE-2000-0291.json | 130 +++++------ 2000/0xxx/CVE-2000-0426.json | 130 +++++------ 2000/0xxx/CVE-2000-0619.json | 150 ++++++------- 2000/0xxx/CVE-2000-0687.json | 130 +++++------ 2000/0xxx/CVE-2000-0732.json | 140 ++++++------ 2000/0xxx/CVE-2000-0864.json | 200 ++++++++--------- 2000/0xxx/CVE-2000-0903.json | 130 +++++------ 2000/1xxx/CVE-2000-1151.json | 120 +++++----- 2005/2xxx/CVE-2005-2325.json | 120 +++++----- 2005/2xxx/CVE-2005-2703.json | 420 +++++++++++++++++------------------ 2007/1xxx/CVE-2007-1060.json | 210 +++++++++--------- 2007/5xxx/CVE-2007-5242.json | 180 +++++++-------- 2007/5xxx/CVE-2007-5369.json | 180 +++++++-------- 2007/5xxx/CVE-2007-5618.json | 260 +++++++++++----------- 2009/2xxx/CVE-2009-2549.json | 130 +++++------ 2009/2xxx/CVE-2009-2943.json | 140 ++++++------ 2015/0xxx/CVE-2015-0474.json | 140 ++++++------ 2015/0xxx/CVE-2015-0551.json | 130 +++++------ 2015/3xxx/CVE-2015-3631.json | 150 ++++++------- 2015/3xxx/CVE-2015-3766.json | 170 +++++++------- 2015/4xxx/CVE-2015-4130.json | 34 +-- 2015/4xxx/CVE-2015-4178.json | 180 +++++++-------- 2015/4xxx/CVE-2015-4458.json | 130 +++++------ 2015/4xxx/CVE-2015-4629.json | 130 +++++------ 2015/4xxx/CVE-2015-4974.json | 150 ++++++------- 2015/7xxx/CVE-2015-7184.json | 190 ++++++++-------- 2015/8xxx/CVE-2015-8204.json | 34 +-- 2015/8xxx/CVE-2015-8206.json | 34 +-- 2015/8xxx/CVE-2015-8281.json | 120 +++++----- 2015/9xxx/CVE-2015-9194.json | 132 +++++------ 2015/9xxx/CVE-2015-9261.json | 150 ++++++------- 2016/1xxx/CVE-2016-1341.json | 130 +++++------ 2016/1xxx/CVE-2016-1845.json | 34 +-- 2016/1xxx/CVE-2016-1881.json | 140 ++++++------ 2016/1xxx/CVE-2016-1999.json | 130 +++++------ 2016/5xxx/CVE-2016-5106.json | 190 ++++++++-------- 2016/5xxx/CVE-2016-5174.json | 190 ++++++++-------- 2016/5xxx/CVE-2016-5290.json | 256 ++++++++++----------- 2016/5xxx/CVE-2016-5403.json | 310 +++++++++++++------------- 2018/2xxx/CVE-2018-2288.json | 34 +-- 2018/2xxx/CVE-2018-2659.json | 132 +++++------ 2018/2xxx/CVE-2018-2682.json | 142 ++++++------ 2018/2xxx/CVE-2018-2738.json | 148 ++++++------ 2018/6xxx/CVE-2018-6719.json | 34 +-- 2019/0xxx/CVE-2019-0121.json | 122 +++++----- 2019/0xxx/CVE-2019-0233.json | 34 +-- 2019/0xxx/CVE-2019-0335.json | 34 +-- 2019/1xxx/CVE-2019-1269.json | 34 +-- 2019/1xxx/CVE-2019-1275.json | 34 +-- 2019/1xxx/CVE-2019-1299.json | 34 +-- 2019/4xxx/CVE-2019-4370.json | 34 +-- 2019/5xxx/CVE-2019-5061.json | 34 +-- 2019/5xxx/CVE-2019-5483.json | 34 +-- 2019/5xxx/CVE-2019-5527.json | 34 +-- 59 files changed, 3796 insertions(+), 3796 deletions(-) diff --git a/1999/0xxx/CVE-1999-0248.json b/1999/0xxx/CVE-1999-0248.json index beada57e134..fbbb55aed26 100644 --- a/1999/0xxx/CVE-1999-0248.json +++ b/1999/0xxx/CVE-1999-0248.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html", - "refsource" : "MISC", - "url" : "http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html" - }, - { - "name" : "http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1", - "refsource" : "CONFIRM", - "url" : "http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html", + "refsource": "MISC", + "url": "http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html" + }, + { + "name": "http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1", + "refsource": "CONFIRM", + "url": "http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0487.json b/1999/0xxx/CVE-1999-0487.json index 1984cd18031..b8952ecf570 100644 --- a/1999/0xxx/CVE-1999-0487.json +++ b/1999/0xxx/CVE-1999-0487.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS99-011", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS99-011", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-011" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1213.json b/1999/1xxx/CVE-1999-1213.json index 333dac20559..7c10a973dd7 100644 --- a/1999/1xxx/CVE-1999-1213.json +++ b/1999/1xxx/CVE-1999-1213.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX9710-070", - "refsource" : "HP", - "url" : "http://www2.dataguard.no/bugtraq/1997_4/0001.html" - }, - { - "name" : "hp-telnetdos(571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-telnetdos(571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/571" + }, + { + "name": "HPSBUX9710-070", + "refsource": "HP", + "url": "http://www2.dataguard.no/bugtraq/1997_4/0001.html" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1437.json b/1999/1xxx/CVE-1999-1437.json index ec934e42da0..263e7a3fcab 100644 --- a/1999/1xxx/CVE-1999-1437.json +++ b/1999/1xxx/CVE-1999-1437.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980707 ePerl: bad handling of ISINDEX queries", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90221104525890&w=2" - }, - { - "name" : "19980710 ePerl Security Update Available", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90221104525927&w=2" - }, - { - "name" : "151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980707 ePerl: bad handling of ISINDEX queries", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90221104525890&w=2" + }, + { + "name": "151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/151" + }, + { + "name": "19980710 ePerl Security Update Available", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90221104525927&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1549.json b/1999/1xxx/CVE-1999-1549.json index 81bbade5675..88f104e2dd7 100644 --- a/1999/1xxx/CVE-1999-1549.json +++ b/1999/1xxx/CVE-1999-1549.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a \"secure\" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991116 lynx 2.8.x - 'special URLs' anti-spoofing protection is weak", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94286509804526&w=2" - }, - { - "name" : "804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a \"secure\" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/804" + }, + { + "name": "19991116 lynx 2.8.x - 'special URLs' anti-spoofing protection is weak", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94286509804526&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0291.json b/2000/0xxx/CVE-2000-0291.json index ca0f958c48b..03982128d5f 100644 --- a/2000/0xxx/CVE-2000-0291.json +++ b/2000/0xxx/CVE-2000-0291.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000416 StarOffice 5.1", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-04/0077.html" - }, - { - "name" : "1112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000416 StarOffice 5.1", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0077.html" + }, + { + "name": "1112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1112" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0426.json b/2000/0xxx/CVE-2000-0426.json index 87599f79e8d..fc516c9010a 100644 --- a/2000/0xxx/CVE-2000-0426.json +++ b/2000/0xxx/CVE-2000-0426.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000505 Re: Fun with UltraBoard V1.6X", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html" - }, - { - "name" : "1175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000505 Re: Fun with UltraBoard V1.6X", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html" + }, + { + "name": "1175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1175" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0619.json b/2000/0xxx/CVE-2000-0619.json index 69dfcc9c0d1..8d31237011b 100644 --- a/2000/0xxx/CVE-2000-0619.json +++ b/2000/0xxx/CVE-2000-0619.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000520 TopLayer layer 7 switch Advisory", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html" - }, - { - "name" : "20000614 Update on TopLayer Advisory", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html" - }, - { - "name" : "1258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1258" - }, - { - "name" : "toplayer-icmp-dos(7364)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1258" + }, + { + "name": "20000614 Update on TopLayer Advisory", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html" + }, + { + "name": "toplayer-icmp-dos(7364)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7364" + }, + { + "name": "20000520 TopLayer layer 7 switch Advisory", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0687.json b/2000/0xxx/CVE-2000-0687.json index 39e030e3b79..ad40e484912 100644 --- a/2000/0xxx/CVE-2000-0687.json +++ b/2000/0xxx/CVE-2000-0687.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000823 Auction WeaverT LITE 1.0", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0310.html" - }, - { - "name" : "1630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1630" + }, + { + "name": "20000823 Auction WeaverT LITE 1.0", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0310.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0732.json b/2000/0xxx/CVE-2000-0732.json index be42fde2c7e..150d3f58a43 100644 --- a/2000/0xxx/CVE-2000-0732.json +++ b/2000/0xxx/CVE-2000-0732.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Worm HTTP server allows remote attackers to cause a denial of service via a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html" - }, - { - "name" : "1626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1626" - }, - { - "name" : "wormhttp-filename-dos(5149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Worm HTTP server allows remote attackers to cause a denial of service via a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1626" + }, + { + "name": "wormhttp-filename-dos(5149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5149" + }, + { + "name": "20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0864.json b/2000/0xxx/CVE-2000-0864.json index 8e5775b0703..0ff70fa2713 100644 --- a/2000/0xxx/CVE-2000-0864.json +++ b/2000/0xxx/CVE-2000-0864.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-00:45", - "refsource" : "FREEBSD", - "url" : "http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html" - }, - { - "name" : "20000911 Patch for esound-0.2.19", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html" - }, - { - "name" : "MDKSA-2000:051", - "refsource" : "MANDRAKE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm" - }, - { - "name" : "RHSA-2000:077", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-077.html" - }, - { - "name" : "20001008 esound: race condition", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2000/20001008" - }, - { - "name" : "20001006 Immunix OS Security Update for esound", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html" - }, - { - "name" : "20001012 esound daemon race condition", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html" - }, - { - "name" : "1659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1659" - }, - { - "name" : "gnome-esound-symlink(5213)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1659" + }, + { + "name": "gnome-esound-symlink(5213)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5213" + }, + { + "name": "MDKSA-2000:051", + "refsource": "MANDRAKE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm" + }, + { + "name": "20001008 esound: race condition", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2000/20001008" + }, + { + "name": "RHSA-2000:077", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-077.html" + }, + { + "name": "20001012 esound daemon race condition", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html" + }, + { + "name": "FreeBSD-SA-00:45", + "refsource": "FREEBSD", + "url": "http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html" + }, + { + "name": "20001006 Immunix OS Security Update for esound", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html" + }, + { + "name": "20000911 Patch for esound-0.2.19", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0903.json b/2000/0xxx/CVE-2000-0903.json index 0908483a1ce..7bff8e25d6f 100644 --- a/2000/0xxx/CVE-2000-0903.json +++ b/2000/0xxx/CVE-2000-0903.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000901 Multiple QNX Voyager Issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/79956" - }, - { - "name" : "1648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000901 Multiple QNX Voyager Issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/79956" + }, + { + "name": "1648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1648" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1151.json b/2000/1xxx/CVE-2000-1151.json index 8f3128738f0..3b4b6262cf1 100644 --- a/2000/1xxx/CVE-2000-1151.json +++ b/2000/1xxx/CVE-2000-1151.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001113 beos vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001113 beos vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2325.json b/2005/2xxx/CVE-2005-2325.json index 8aca398137d..ed275a60a2e 100644 --- a/2005/2xxx/CVE-2005-2325.json +++ b/2005/2xxx/CVE-2005-2325.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10) showlastforumbb2.php, or (11) showlastforumbb2block.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/07/clever-copy-path-disclosure-and-xss.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/07/clever-copy-path-disclosure-and-xss.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10) showlastforumbb2.php, or (11) showlastforumbb2block.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2005/07/clever-copy-path-disclosure-and-xss.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/07/clever-copy-path-disclosure-and-xss.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2703.json b/2005/2xxx/CVE-2005-2703.json index 29ee66d0088..c2757fa4b50 100644 --- a/2005/2xxx/CVE-2005-2703.json +++ b/2005/2xxx/CVE-2005-2703.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-58.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-58.html" - }, - { - "name" : "DSA-868", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-868" - }, - { - "name" : "DSA-838", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-838" - }, - { - "name" : "DSA-866", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-866" - }, - { - "name" : "FLSA-2006:168375", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html" - }, - { - "name" : "MDKSA-2005:169", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:169" - }, - { - "name" : "MDKSA-2005:170", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:170" - }, - { - "name" : "MDKSA-2005:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174" - }, - { - "name" : "RHSA-2005:785", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-785.html" - }, - { - "name" : "RHSA-2005:789", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-789.html" - }, - { - "name" : "RHSA-2005:791", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-791.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "SUSE-SA:2005:058", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_58_mozilla.html" - }, - { - "name" : "USN-200-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-200-1" - }, - { - "name" : "14923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14923" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "oval:org.mitre.oval:def:10767", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767" - }, - { - "name" : "ADV-2005-1824", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1824" - }, - { - "name" : "oval:org.mitre.oval:def:1089", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089" - }, - { - "name" : "1014954", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014954" - }, - { - "name" : "16911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16911" - }, - { - "name" : "16917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16917" - }, - { - "name" : "17042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17042" - }, - { - "name" : "17090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17090" - }, - { - "name" : "17149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17149" - }, - { - "name" : "17284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17284" - }, - { - "name" : "17026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17026" - }, - { - "name" : "17263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17263" - }, - { - "name" : "16977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16977" - }, - { - "name" : "17014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17014" - }, - { - "name" : "mozilla-xmlhttprequest-spoofing(22376)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2005:169", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:169" + }, + { + "name": "mozilla-xmlhttprequest-spoofing(22376)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22376" + }, + { + "name": "DSA-868", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-868" + }, + { + "name": "ADV-2005-1824", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1824" + }, + { + "name": "FLSA-2006:168375", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "oval:org.mitre.oval:def:1089", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "1014954", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014954" + }, + { + "name": "RHSA-2005:789", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-789.html" + }, + { + "name": "17026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17026" + }, + { + "name": "RHSA-2005:791", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-791.html" + }, + { + "name": "USN-200-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-200-1" + }, + { + "name": "17042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17042" + }, + { + "name": "DSA-866", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-866" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-58.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-58.html" + }, + { + "name": "oval:org.mitre.oval:def:10767", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767" + }, + { + "name": "17284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17284" + }, + { + "name": "17149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17149" + }, + { + "name": "17263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17263" + }, + { + "name": "16917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16917" + }, + { + "name": "DSA-838", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-838" + }, + { + "name": "17014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17014" + }, + { + "name": "RHSA-2005:785", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-785.html" + }, + { + "name": "SUSE-SA:2005:058", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_58_mozilla.html" + }, + { + "name": "MDKSA-2005:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174" + }, + { + "name": "17090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17090" + }, + { + "name": "16911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16911" + }, + { + "name": "16977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16977" + }, + { + "name": "14923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14923" + }, + { + "name": "MDKSA-2005:170", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:170" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1060.json b/2007/1xxx/CVE-2007-1060.json index 6ae06cd0d90..ac875072166 100644 --- a/2007/1xxx/CVE-2007-1060.json +++ b/2007/1xxx/CVE-2007-1060.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070221 [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460964/100/0/threaded" - }, - { - "name" : "20070223 Re: [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461019/100/0/threaded" - }, - { - "name" : "3348", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3348" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv66-K-159-2007.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv66-K-159-2007.txt" - }, - { - "name" : "22642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22642" - }, - { - "name" : "ADV-2007-0672", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0672" - }, - { - "name" : "33264", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33264" - }, - { - "name" : "33265", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33265" - }, - { - "name" : "24212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24212" - }, - { - "name" : "sendstudio-rootdir-file-include(32602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070223 Re: [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461019/100/0/threaded" + }, + { + "name": "22642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22642" + }, + { + "name": "sendstudio-rootdir-file-include(32602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32602" + }, + { + "name": "http://advisories.echo.or.id/adv/adv66-K-159-2007.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv66-K-159-2007.txt" + }, + { + "name": "20070221 [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460964/100/0/threaded" + }, + { + "name": "33265", + "refsource": "OSVDB", + "url": "http://osvdb.org/33265" + }, + { + "name": "24212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24212" + }, + { + "name": "3348", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3348" + }, + { + "name": "ADV-2007-0672", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0672" + }, + { + "name": "33264", + "refsource": "OSVDB", + "url": "http://osvdb.org/33264" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5242.json b/2007/5xxx/CVE-2007-5242.json index f70fbffd1ce..b96e77beb5d 100644 --- a/2007/5xxx/CVE-2007-5242.json +++ b/2007/5xxx/CVE-2007-5242.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an \"oversize\" packet, which is not properly discarded if \"the device has no remaining buffers after receipt of the first buffer segment.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openvms-alerts] 20071003 VMS83A_LAN-V0200, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/582.html" - }, - { - "name" : "[openvms-alerts] 20071003 VMS83I_LAN-V0600, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/583.html" - }, - { - "name" : "25939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25939" - }, - { - "name" : "ADV-2007-3382", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3382" - }, - { - "name" : "37812", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37812" - }, - { - "name" : "37813", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37813" - }, - { - "name" : "27084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an \"oversize\" packet, which is not properly discarded if \"the device has no remaining buffers after receipt of the first buffer segment.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25939" + }, + { + "name": "37813", + "refsource": "OSVDB", + "url": "http://osvdb.org/37813" + }, + { + "name": "27084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27084" + }, + { + "name": "[openvms-alerts] 20071003 VMS83I_LAN-V0600, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/583.html" + }, + { + "name": "ADV-2007-3382", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3382" + }, + { + "name": "37812", + "refsource": "OSVDB", + "url": "http://osvdb.org/37812" + }, + { + "name": "[openvms-alerts] 20071003 VMS83A_LAN-V0200, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/582.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5369.json b/2007/5xxx/CVE-2007-5369.json index 9f2217db908..0265e7fdb8d 100644 --- a/2007/5xxx/CVE-2007-5369.json +++ b/2007/5xxx/CVE-2007-5369.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GetMagicNumberString function in Massive Entertainment World in Conflict 1.000 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a string to the VoIP port (52999/tcp) with an invalid value in the third byte." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071009 NULL pointer crash in World in Conflict 1.000", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481895/100/0/threaded" - }, - { - "name" : "http://www.massive.se/Index.asp?nNewsId=1387", - "refsource" : "MISC", - "url" : "http://www.massive.se/Index.asp?nNewsId=1387" - }, - { - "name" : "25985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25985" - }, - { - "name" : "ADV-2007-3448", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3448" - }, - { - "name" : "27157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27157" - }, - { - "name" : "3214", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3214" - }, - { - "name" : "worldinconflict-getmagicnumberstring-dos(37034)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GetMagicNumberString function in Massive Entertainment World in Conflict 1.000 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a string to the VoIP port (52999/tcp) with an invalid value in the third byte." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "worldinconflict-getmagicnumberstring-dos(37034)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37034" + }, + { + "name": "25985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25985" + }, + { + "name": "20071009 NULL pointer crash in World in Conflict 1.000", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481895/100/0/threaded" + }, + { + "name": "http://www.massive.se/Index.asp?nNewsId=1387", + "refsource": "MISC", + "url": "http://www.massive.se/Index.asp?nNewsId=1387" + }, + { + "name": "27157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27157" + }, + { + "name": "ADV-2007-3448", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3448" + }, + { + "name": "3214", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3214" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5618.json b/2007/5xxx/CVE-2007-5618.json index d7a4cc0a658..c5912db599e 100644 --- a/2007/5xxx/CVE-2007-5618.json +++ b/2007/5xxx/CVE-2007-5618.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489739/100/0/threaded" - }, - { - "name" : "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" - }, - { - "name" : "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" - }, - { - "name" : "http://www.vmware.com/support/player/doc/releasenotes_player.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player/doc/releasenotes_player.html" - }, - { - "name" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" - }, - { - "name" : "http://www.vmware.com/support/server/doc/releasenotes_server.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/server/doc/releasenotes_server.html" - }, - { - "name" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" - }, - { - "name" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" - }, - { - "name" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" - }, - { - "name" : "28276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28276" - }, - { - "name" : "28289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28289" - }, - { - "name" : "ADV-2007-3229", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3229" - }, - { - "name" : "ADV-2008-0905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0905/references" - }, - { - "name" : "26890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" + }, + { + "name": "ADV-2007-3229", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3229" + }, + { + "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" + }, + { + "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" + }, + { + "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" + }, + { + "name": "26890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26890" + }, + { + "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" + }, + { + "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" + }, + { + "name": "28289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28289" + }, + { + "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" + }, + { + "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" + }, + { + "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" + }, + { + "name": "ADV-2008-0905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0905/references" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" + }, + { + "name": "28276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28276" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2549.json b/2009/2xxx/CVE-2009-2549.json index 0098d7afd8e..6937730a69d 100644 --- a/2009/2xxx/CVE-2009-2549.json +++ b/2009/2xxx/CVE-2009-2549.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service via a join packet with a final field whose value is (1) 0, which triggers a server crash related to memory allocation, or (2) 1, which triggers CPU/memory consumption and a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/armazzo-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/armazzo-adv.txt" - }, - { - "name" : "ADV-2009-1951", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service via a join packet with a final field whose value is (1) 0, which triggers a server crash related to memory allocation, or (2) 1, which triggers CPU/memory consumption and a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1951", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1951" + }, + { + "name": "http://aluigi.altervista.org/adv/armazzo-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/armazzo-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2943.json b/2009/2xxx/CVE-2009-2943.json index b1309738ed0..75cd3026cfb 100644 --- a/2009/2xxx/CVE-2009-2943.json +++ b/2009/2xxx/CVE-2009-2943.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1909", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1909" - }, - { - "name" : "59029", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59029" - }, - { - "name" : "37048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37048" + }, + { + "name": "DSA-1909", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1909" + }, + { + "name": "59029", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59029" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0474.json b/2015/0xxx/CVE-2015-0474.json index 6906a4c25d9..2c064d02141 100644 --- a/2015/0xxx/CVE-2015-0474.json +++ b/2015/0xxx/CVE-2015-0474.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0493." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "74139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74139" - }, - { - "name" : "1032131", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0493." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74139" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032131", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032131" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0551.json b/2015/0xxx/CVE-2015-0551.json index 16db90f4fed..1800b9ea20c 100644 --- a/2015/0xxx/CVE-2015-0551.json +++ b/2015/0xxx/CVE-2015-0551.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-0551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Jul/9" - }, - { - "name" : "1032770", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032770", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032770" + }, + { + "name": "20150701 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Jul/9" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3631.json b/2015/3xxx/CVE-2015-3631.json index 90402d4335a..2377a893f29 100644 --- a/2015/3xxx/CVE-2015-3631.json +++ b/2015/3xxx/CVE-2015-3631.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150508 Docker 1.6.1 - Security Advisory [150507]", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/May/28" - }, - { - "name" : "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html" - }, - { - "name" : "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" - }, - { - "name" : "openSUSE-SU-2015:0905", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" + }, + { + "name": "20150508 Docker 1.6.1 - Security Advisory [150507]", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/May/28" + }, + { + "name": "openSUSE-SU-2015:0905", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html" + }, + { + "name": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3766.json b/2015/3xxx/CVE-2015-3766.json index fe76bb3d072..9a279ae0314 100644 --- a/2015/3xxx/CVE-2015-3766.json +++ b/2015/3xxx/CVE-2015-3766.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76343" - }, - { - "name" : "1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "76343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76343" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4130.json b/2015/4xxx/CVE-2015-4130.json index e2d49c8433e..b1b54f2b05e 100644 --- a/2015/4xxx/CVE-2015-4130.json +++ b/2015/4xxx/CVE-2015-4130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4130", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4130", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4178.json b/2015/4xxx/CVE-2015-4178.json index 69e8f0122cb..a1cb4f76bd7 100644 --- a/2015/4xxx/CVE-2015-4178.json +++ b/2015/4xxx/CVE-2015-4178.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-4178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/05/29/5" - }, - { - "name" : "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/05/29/10" - }, - { - "name" : "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/04/5" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1249849", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1249849" - }, - { - "name" : "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/05/29/5" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249849" + }, + { + "name": "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/05/29/10" + }, + { + "name": "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/04/5" + }, + { + "name": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4458.json b/2015/4xxx/CVE-2015-4458.json index e8c44ab3d64..92eca8dd5c8 100644 --- a/2015/4xxx/CVE-2015-4458.json +++ b/2015/4xxx/CVE-2015-4458.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150714 Cisco Adaptive Security Appliance Message Authentication Code Checking Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39919" - }, - { - "name" : "1032927", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032927", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032927" + }, + { + "name": "20150714 Cisco Adaptive Security Appliance Message Authentication Code Checking Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39919" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4629.json b/2015/4xxx/CVE-2015-4629.json index 6566bd20c9b..6922f648f88 100644 --- a/2015/4xxx/CVE-2015-4629.json +++ b/2015/4xxx/CVE-2015-4629.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-441178.htm", - "refsource" : "CONFIRM", - "url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-441178.htm" - }, - { - "name" : "75194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75194" + }, + { + "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-441178.htm", + "refsource": "CONFIRM", + "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-441178.htm" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4974.json b/2015/4xxx/CVE-2015-4974.json index 9c1ec807b5d..ade0e3b823f 100644 --- a/2015/4xxx/CVE-2015-4974.json +++ b/2015/4xxx/CVE-2015-4974.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972152" - }, - { - "name" : "77025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77025" - }, - { - "name" : "1035094", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005366" + }, + { + "name": "1035094", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035094" + }, + { + "name": "77025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77025" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972152", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972152" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7184.json b/2015/7xxx/CVE-2015-7184.json index 2966039119f..4b5539e2a41 100644 --- a/2015/7xxx/CVE-2015-7184.json +++ b/2015/7xxx/CVE-2015-7184.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-7184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-115.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-115.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1208339", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1208339" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1212669", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1212669" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "openSUSE-SU-2015:1817", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00021.html" - }, - { - "name" : "USN-2768-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2768-1" - }, - { - "name" : "77100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77100" - }, - { - "name" : "1033820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2768-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2768-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-115.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-115.html" + }, + { + "name": "openSUSE-SU-2015:1817", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00021.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208339", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208339" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1212669", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1212669" + }, + { + "name": "1033820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033820" + }, + { + "name": "77100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77100" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8204.json b/2015/8xxx/CVE-2015-8204.json index 245d6e1e675..f6baf0ceba6 100644 --- a/2015/8xxx/CVE-2015-8204.json +++ b/2015/8xxx/CVE-2015-8204.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8204", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8204", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8206.json b/2015/8xxx/CVE-2015-8206.json index f5564da16b6..b6890834376 100644 --- a/2015/8xxx/CVE-2015-8206.json +++ b/2015/8xxx/CVE-2015-8206.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8206", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8206", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8281.json b/2015/8xxx/CVE-2015-8281.json index b673a5d7e82..0e67aca046b 100644 --- a/2015/8xxx/CVE-2015-8281.json +++ b/2015/8xxx/CVE-2015-8281.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-8281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#913000", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/913000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#913000", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/913000" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9194.json b/2015/9xxx/CVE-2015-9194.json index 40dd380fa41..daff2625b67 100644 --- a/2015/9xxx/CVE-2015-9194.json +++ b/2015/9xxx/CVE-2015-9194.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 210/SD 212/SD 205,SD 400,SD 425,SD 427,SD 430,SD 435,SD 450,SD 617,SD 625,SD 650/52,SD 800,SD 845,Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in Core." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 210/SD 212/SD 205,SD 400,SD 425,SD 427,SD 430,SD 435,SD 450,SD 617,SD 625,SD 650/52,SD 800,SD 845,Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in Core." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9261.json b/2015/9xxx/CVE-2015-9261.json index d4870836764..a37291783b5 100644 --- a/2015/9xxx/CVE-2015-9261.json +++ b/2015/9xxx/CVE-2015-9261.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" - }, - { - "name" : "http://www.openwall.com/lists/oss-security/2015/10/25/3", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/25/3" - }, - { - "name" : "https://bugs.debian.org/803097", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/803097" - }, - { - "name" : "https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e", - "refsource" : "MISC", - "url" : "https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e", + "refsource": "MISC", + "url": "https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e" + }, + { + "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2015/10/25/3", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2015/10/25/3" + }, + { + "name": "https://bugs.debian.org/803097", + "refsource": "MISC", + "url": "https://bugs.debian.org/803097" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1341.json b/2016/1xxx/CVE-2016-1341.json index 311af354b22..d5257654f81 100644 --- a/2016/1xxx/CVE-2016-1341.json +++ b/2016/1xxx/CVE-2016-1341.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160223 Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000" - }, - { - "name" : "1035088", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160223 Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000" + }, + { + "name": "1035088", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035088" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1845.json b/2016/1xxx/CVE-2016-1845.json index 42954a02e17..0f147d5e540 100644 --- a/2016/1xxx/CVE-2016-1845.json +++ b/2016/1xxx/CVE-2016-1845.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1845", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-1845", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1881.json b/2016/1xxx/CVE-2016-1881.json index cfaad0f9812..f5f24b856f7 100644 --- a/2016/1xxx/CVE-2016-1881.json +++ b/2016/1xxx/CVE-2016-1881.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "FreeBSD-SA-16:04", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc" - }, - { - "name" : "1034676", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "1034676", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034676" + }, + { + "name": "FreeBSD-SA-16:04", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1999.json b/2016/1xxx/CVE-2016-1999.json index f19c90022bb..fb4cba1d963 100644 --- a/2016/1xxx/CVE-2016-1999.json +++ b/2016/1xxx/CVE-2016-1999.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986" - }, - { - "name" : "90778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986" + }, + { + "name": "90778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90778" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5106.json b/2016/5xxx/CVE-2016-5106.json index f58c9e363f8..892ddadbc37 100644 --- a/2016/5xxx/CVE-2016-5106.json +++ b/2016/5xxx/CVE-2016-5106.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-5106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/25/6" - }, - { - "name" : "[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/26/8" - }, - { - "name" : "[qemu-devel] 20160525 [Qemu-devel] [PATCH 1/3] scsi: megasas: use appropriate property buffer", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html" - }, - { - "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1339578", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1339578" - }, - { - "name" : "GLSA-201609-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201609-01" - }, - { - "name" : "USN-3047-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3047-1" - }, - { - "name" : "USN-3047-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3047-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3047-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3047-1" + }, + { + "name": "[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/26/8" + }, + { + "name": "[qemu-devel] 20160525 [Qemu-devel] [PATCH 1/3] scsi: megasas: use appropriate property buffer", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html" + }, + { + "name": "GLSA-201609-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201609-01" + }, + { + "name": "USN-3047-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3047-2" + }, + { + "name": "[oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/25/6" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1339578", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339578" + }, + { + "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5174.json b/2016/5xxx/CVE-2016-5174.json index 3d2336c2f70..98a81c49885 100644 --- a/2016/5xxx/CVE-2016-5174.json +++ b/2016/5xxx/CVE-2016-5174.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://codereview.chromium.org/2053343003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2053343003" - }, - { - "name" : "https://crbug.com/579934", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/579934" - }, - { - "name" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", - "refsource" : "CONFIRM", - "url" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" - }, - { - "name" : "DSA-3667", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3667" - }, - { - "name" : "GLSA-201610-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-09" - }, - { - "name" : "RHSA-2016:1905", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1905.html" - }, - { - "name" : "92942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92942" - }, - { - "name" : "1036826", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3667", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3667" + }, + { + "name": "1036826", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036826" + }, + { + "name": "92942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92942" + }, + { + "name": "https://crbug.com/579934", + "refsource": "CONFIRM", + "url": "https://crbug.com/579934" + }, + { + "name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", + "refsource": "CONFIRM", + "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" + }, + { + "name": "https://codereview.chromium.org/2053343003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2053343003" + }, + { + "name": "GLSA-201610-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-09" + }, + { + "name": "RHSA-2016:1905", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5290.json b/2016/5xxx/CVE-2016-5290.json index 72223dad061..de94e1c0522 100644 --- a/2016/5xxx/CVE-2016-5290.json +++ b/2016/5xxx/CVE-2016-5290.json @@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-5290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.5" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.5" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-5290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.5" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.5" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-90/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-93/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-93/" - }, - { - "name" : "DSA-3730", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2016/dsa-3730" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "RHSA-2016:2780", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2780.html" - }, - { - "name" : "RHSA-2016:2825", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2825.html" - }, - { - "name" : "94335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94335" - }, - { - "name" : "1037298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3730", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2016/dsa-3730" + }, + { + "name": "RHSA-2016:2825", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2825.html" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169" + }, + { + "name": "94335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94335" + }, + { + "name": "1037298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037298" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-93/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-93/" + }, + { + "name": "RHSA-2016:2780", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-90/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-90/" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5403.json b/2016/5xxx/CVE-2016-5403.json index 5194915a9c0..9d9c33eeffc 100644 --- a/2016/5xxx/CVE-2016-5403.json +++ b/2016/5xxx/CVE-2016-5403.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-5403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-5403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-184.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-184.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1358359", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1358359" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "RHSA-2016:1585", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1585.html" - }, - { - "name" : "RHSA-2016:1586", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1586.html" - }, - { - "name" : "RHSA-2016:1606", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1606.html" - }, - { - "name" : "RHSA-2016:1607", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1607.html" - }, - { - "name" : "RHSA-2016:1652", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1652.html" - }, - { - "name" : "RHSA-2016:1653", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1653.html" - }, - { - "name" : "RHSA-2016:1654", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1654.html" - }, - { - "name" : "RHSA-2016:1655", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1655.html" - }, - { - "name" : "RHSA-2016:1756", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1756.html" - }, - { - "name" : "RHSA-2016:1763", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1763.html" - }, - { - "name" : "RHSA-2016:1943", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1943.html" - }, - { - "name" : "USN-3047-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3047-1" - }, - { - "name" : "USN-3047-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3047-2" - }, - { - "name" : "92148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92148" - }, - { - "name" : "1036476", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "RHSA-2016:1756", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1756.html" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-184.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-184.html" + }, + { + "name": "USN-3047-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3047-1" + }, + { + "name": "RHSA-2016:1655", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1655.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358359", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358359" + }, + { + "name": "RHSA-2016:1763", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1763.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "RHSA-2016:1585", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1585.html" + }, + { + "name": "RHSA-2016:1653", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1653.html" + }, + { + "name": "RHSA-2016:1607", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1607.html" + }, + { + "name": "RHSA-2016:1654", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1654.html" + }, + { + "name": "1036476", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036476" + }, + { + "name": "USN-3047-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3047-2" + }, + { + "name": "RHSA-2016:1606", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1606.html" + }, + { + "name": "RHSA-2016:1586", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1586.html" + }, + { + "name": "RHSA-2016:1943", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1943.html" + }, + { + "name": "92148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92148" + }, + { + "name": "RHSA-2016:1652", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1652.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2288.json b/2018/2xxx/CVE-2018-2288.json index e88c46a20fc..2937d8f26f5 100644 --- a/2018/2xxx/CVE-2018-2288.json +++ b/2018/2xxx/CVE-2018-2288.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2288", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2288", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2659.json b/2018/2xxx/CVE-2018-2659.json index 998159d5b72..5bde3717950 100644 --- a/2018/2xxx/CVE-2018-2659.json +++ b/2018/2xxx/CVE-2018-2659.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "JD Edwards EnterpriseOne Tools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "JD Edwards EnterpriseOne Tools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102707" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2682.json b/2018/2xxx/CVE-2018-2682.json index 9d0761657ce..ac4ce6767fd 100644 --- a/2018/2xxx/CVE-2018-2682.json +++ b/2018/2xxx/CVE-2018-2682.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Financial Services Liquidity Risk Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Liquidity Risk Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102657" - }, - { - "name" : "1040214", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040214", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040214" + }, + { + "name": "102657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102657" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2738.json b/2018/2xxx/CVE-2018-2738.json index 3b77a8253c2..3fb3ae05520 100644 --- a/2018/2xxx/CVE-2018-2738.json +++ b/2018/2xxx/CVE-2018-2738.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Retail Central Office", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "13.4.9" - }, - { - "version_affected" : "=", - "version_value" : "14.0.4" - }, - { - "version_affected" : "=", - "version_value" : "14.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Central Office accessible data as well as unauthorized read access to a subset of Oracle Retail Central Office accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Central Office accessible data as well as unauthorized read access to a subset of Oracle Retail Central Office accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Central Office", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.4.9" + }, + { + "version_affected": "=", + "version_value": "14.0.4" + }, + { + "version_affected": "=", + "version_value": "14.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Central Office accessible data as well as unauthorized read access to a subset of Oracle Retail Central Office accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Central Office accessible data as well as unauthorized read access to a subset of Oracle Retail Central Office accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "103813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103813" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6719.json b/2018/6xxx/CVE-2018-6719.json index e83d4dedb24..b6472954a16 100644 --- a/2018/6xxx/CVE-2018-6719.json +++ b/2018/6xxx/CVE-2018-6719.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6719", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6719", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0121.json b/2019/0xxx/CVE-2019-0121.json index c62ccba9b20..4dcfbfccf2d 100644 --- a/2019/0xxx/CVE-2019-0121.json +++ b/2019/0xxx/CVE-2019-0121.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2019-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) Matrix Storage Manager", - "version" : { - "version_data" : [ - { - "version_value" : "8.9.0.1023 and before" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2019-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) Matrix Storage Manager", + "version": { + "version_data": [ + { + "version_value": "8.9.0.1023 and before" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00216.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00216.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00216.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00216.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0233.json b/2019/0xxx/CVE-2019-0233.json index c09b5a982c5..809dafe33b6 100644 --- a/2019/0xxx/CVE-2019-0233.json +++ b/2019/0xxx/CVE-2019-0233.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0233", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0233", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0335.json b/2019/0xxx/CVE-2019-0335.json index f6010b2b9f6..2c3cc3f3aea 100644 --- a/2019/0xxx/CVE-2019-0335.json +++ b/2019/0xxx/CVE-2019-0335.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0335", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0335", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1269.json b/2019/1xxx/CVE-2019-1269.json index d10421495b6..6ac36d3d096 100644 --- a/2019/1xxx/CVE-2019-1269.json +++ b/2019/1xxx/CVE-2019-1269.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1269", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1269", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1275.json b/2019/1xxx/CVE-2019-1275.json index 4355ba6ea9b..bb7261614a0 100644 --- a/2019/1xxx/CVE-2019-1275.json +++ b/2019/1xxx/CVE-2019-1275.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1275", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1275", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1299.json b/2019/1xxx/CVE-2019-1299.json index e1f8dbf9d59..e9137c5e9a5 100644 --- a/2019/1xxx/CVE-2019-1299.json +++ b/2019/1xxx/CVE-2019-1299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4370.json b/2019/4xxx/CVE-2019-4370.json index b5e02f8855d..3dce5732394 100644 --- a/2019/4xxx/CVE-2019-4370.json +++ b/2019/4xxx/CVE-2019-4370.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4370", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4370", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5061.json b/2019/5xxx/CVE-2019-5061.json index dcd6f2cfe74..8ec56ae3d08 100644 --- a/2019/5xxx/CVE-2019-5061.json +++ b/2019/5xxx/CVE-2019-5061.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5061", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5061", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5483.json b/2019/5xxx/CVE-2019-5483.json index 6bb4e603038..05cb0b84222 100644 --- a/2019/5xxx/CVE-2019-5483.json +++ b/2019/5xxx/CVE-2019-5483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5483", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5483", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5527.json b/2019/5xxx/CVE-2019-5527.json index 3c2bdbb00b4..7b7145a581c 100644 --- a/2019/5xxx/CVE-2019-5527.json +++ b/2019/5xxx/CVE-2019-5527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file