From f8fb0550958a94cd09a96794d15b833ccac59743 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:49:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
1999/0xxx/CVE-1999-0428.json | 120 +++++-----
1999/0xxx/CVE-1999-0705.json | 120 +++++-----
1999/1xxx/CVE-1999-1149.json | 130 +++++------
2000/1xxx/CVE-2000-1121.json | 160 ++++++-------
2005/2xxx/CVE-2005-2317.json | 200 ++++++++--------
2005/2xxx/CVE-2005-2413.json | 170 +++++++-------
2005/2xxx/CVE-2005-2421.json | 150 ++++++------
2005/2xxx/CVE-2005-2438.json | 160 ++++++-------
2005/2xxx/CVE-2005-2581.json | 150 ++++++------
2005/3xxx/CVE-2005-3218.json | 130 +++++------
2005/3xxx/CVE-2005-3335.json | 250 ++++++++++----------
2005/4xxx/CVE-2005-4473.json | 160 ++++++-------
2009/2xxx/CVE-2009-2069.json | 140 ++++++------
2009/2xxx/CVE-2009-2397.json | 140 ++++++------
2009/2xxx/CVE-2009-2804.json | 210 ++++++++---------
2009/2xxx/CVE-2009-2861.json | 170 +++++++-------
2009/3xxx/CVE-2009-3182.json | 130 +++++------
2009/3xxx/CVE-2009-3521.json | 150 ++++++------
2009/3xxx/CVE-2009-3594.json | 150 ++++++------
2009/3xxx/CVE-2009-3791.json | 130 +++++------
2015/0xxx/CVE-2015-0137.json | 120 +++++-----
2015/0xxx/CVE-2015-0430.json | 150 ++++++------
2015/1xxx/CVE-2015-1080.json | 200 ++++++++--------
2015/1xxx/CVE-2015-1240.json | 210 ++++++++---------
2015/1xxx/CVE-2015-1526.json | 130 +++++------
2015/4xxx/CVE-2015-4072.json | 150 ++++++------
2015/4xxx/CVE-2015-4263.json | 130 +++++------
2015/4xxx/CVE-2015-4277.json | 130 +++++------
2015/4xxx/CVE-2015-4491.json | 430 +++++++++++++++++------------------
2015/8xxx/CVE-2015-8375.json | 150 ++++++------
2015/8xxx/CVE-2015-8884.json | 34 +--
2015/8xxx/CVE-2015-8987.json | 120 +++++-----
2015/9xxx/CVE-2015-9242.json | 142 ++++++------
2018/2xxx/CVE-2018-2358.json | 34 +--
2018/2xxx/CVE-2018-2481.json | 204 ++++++++---------
2018/2xxx/CVE-2018-2543.json | 34 +--
2018/2xxx/CVE-2018-2686.json | 150 ++++++------
2018/2xxx/CVE-2018-2843.json | 160 ++++++-------
2018/2xxx/CVE-2018-2935.json | 166 +++++++-------
2018/3xxx/CVE-2018-3110.json | 166 +++++++-------
2018/6xxx/CVE-2018-6577.json | 120 +++++-----
2018/6xxx/CVE-2018-6619.json | 130 +++++------
2018/6xxx/CVE-2018-6667.json | 196 ++++++++--------
2018/7xxx/CVE-2018-7144.json | 34 +--
2018/7xxx/CVE-2018-7919.json | 34 +--
2019/5xxx/CVE-2019-5208.json | 34 +--
2019/5xxx/CVE-2019-5740.json | 34 +--
2019/5xxx/CVE-2019-5754.json | 162 ++++++-------
2019/5xxx/CVE-2019-5908.json | 34 +--
49 files changed, 3454 insertions(+), 3454 deletions(-)
diff --git a/1999/0xxx/CVE-1999-0428.json b/1999/0xxx/CVE-1999-0428.json
index 3ccf9f8d5f9..ccccf3c95fb 100644
--- a/1999/0xxx/CVE-1999-0428.json
+++ b/1999/0xxx/CVE-1999-0428.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3936", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3936", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3936" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0705.json b/1999/0xxx/CVE-1999-0705.json index c368f131c48..07ec90b3c4a 100644 --- a/1999/0xxx/CVE-1999-0705.json +++ b/1999/0xxx/CVE-1999-0705.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in INN inews program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in INN inews program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/616" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1149.json b/1999/1xxx/CVE-1999-1149.json index b8b17819b44..f7392c71876 100644 --- a/1999/1xxx/CVE-1999-1149.json +++ b/1999/1xxx/CVE-1999-1149.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980716 S.A.F.E.R. Security Bulletin 980708.DOS.1.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90221104525993&w=2" - }, - { - "name" : "csm-proxy-dos(1422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19980716 S.A.F.E.R. 
Security Bulletin 980708.DOS.1.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90221104525993&w=2" + }, + { + "name": "csm-proxy-dos(1422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1422" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1121.json b/2000/1xxx/CVE-2000-1121.json index d02e28b7add..42d66264a13 100644 --- a/2000/1xxx/CVE-2000-1121.json +++ b/2000/1xxx/CVE-2000-1121.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001201 Fixed local AIX V43 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97569466809056&w=2" - }, - { - "name" : "IY08143", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only" - }, - { - "name" : "IY08287", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only" - }, - { - "name" : "2034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2034" - }, - { - "name" : "aix-enq-bo(5619)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY08287", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only" + }, + { + "name": "2034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2034" + }, + { + "name": "IY08143", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only" + }, + { + "name": "20001201 Fixed local AIX V43 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97569466809056&w=2" + }, + { + "name": "aix-enq-bo(5619)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5619" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2317.json b/2005/2xxx/CVE-2005-2317.json index b175f2c6829..1691fb71e39 100644 --- a/2005/2xxx/CVE-2005-2317.json +++ b/2005/2xxx/CVE-2005-2317.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050718 Shorewall MACLIST Problem", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Jul/0409.html" - }, - { - "name" : "DSA-849", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-849" - }, - { - "name" : "GLSA-200507-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200507-20.xml" - }, - { - "name" : "USN-197-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-197-1" - }, - { - "name" : "http://shorewall.net/News.htm#20050717", - "refsource" : "CONFIRM", - "url" : "http://shorewall.net/News.htm#20050717" - }, - { - "name" : "14292", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/14292" - }, - { - "name" : "16087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16087" - }, - { - "name" : "17110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17110" - }, - { - "name" : "17113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14292" + }, + { + "name": "DSA-849", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-849" + }, + { + "name": "http://shorewall.net/News.htm#20050717", + "refsource": "CONFIRM", + "url": "http://shorewall.net/News.htm#20050717" + }, + { + "name": "17110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17110" + }, + { + "name": "USN-197-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-197-1" + }, + { + "name": "17113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17113" + }, + { + "name": "16087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16087" + }, + { + "name": "GLSA-200507-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200507-20.xml" + }, + { + "name": "20050718 Shorewall MACLIST Problem", + "refsource": "FULLDISC", + "url": 
"http://seclists.org/lists/fulldisclosure/2005/Jul/0409.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2413.json b/2005/2xxx/CVE-2005-2413.json index 1898b23e48d..e23b91b5449 100644 --- a/2005/2xxx/CVE-2005-2413.json +++ b/2005/2xxx/CVE-2005-2413.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050723 Atomic Photo Album (APA) apa_phpinclude.inc.php remote file include", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112230428725189&w=2" - }, - { - "name" : "14368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14368" - }, - { - "name" : "18265", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18265" - }, - { - "name" : "1014569", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014569" - }, - { - "name" : "16201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16201" - }, - { - "name" : "apa-apaphpinclude-file-include(21562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21562" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050723 Atomic Photo Album (APA) apa_phpinclude.inc.php remote file include", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112230428725189&w=2" + }, + { + "name": "apa-apaphpinclude-file-include(21562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21562" + }, + { + "name": "1014569", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014569" + }, + { + "name": "18265", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18265" + }, + { + "name": "16201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16201" + }, + { + "name": "14368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14368" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2421.json b/2005/2xxx/CVE-2005-2421.json index d10d53da9b9..3b97a0dac43 100644 --- a/2005/2xxx/CVE-2005-2421.json +++ b/2005/2xxx/CVE-2005-2421.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050725 Beehive Forum Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112230744103930&w=2" - }, - { - "name" : "14361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14361" - }, - { - "name" : "16217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16217" - }, - { - "name" : "beehiveforum-webtag-sql-injection(21535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum 
allow remote attackers to execute arbitrary SQL commands via the webtag parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "beehiveforum-webtag-sql-injection(21535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21535" + }, + { + "name": "20050725 Beehive Forum Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112230744103930&w=2" + }, + { + "name": "16217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16217" + }, + { + "name": "14361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14361" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2438.json b/2005/2xxx/CVE-2005-2438.json index 879d5f5f345..d249a61e71d 100644 --- a/2005/2xxx/CVE-2005-2438.json +++ b/2005/2xxx/CVE-2005-2438.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050728 Advisory 12/2005: UseBB Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112264706213040&w=2" - }, - { - "name" : "http://www.hardened-php.net/advisory_122005.60.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_122005.60.html" - }, - { - "name" : "http://www.usebb.net/community/topic.php?id=605", - "refsource" : "CONFIRM", - "url" : "http://www.usebb.net/community/topic.php?id=605" - }, - { - "name" : "14412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14412" - }, - { - "name" : "usebb-colorbbcode-xss(21651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21651" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "usebb-colorbbcode-xss(21651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21651" + }, + { + "name": "http://www.usebb.net/community/topic.php?id=605", + "refsource": "CONFIRM", + "url": "http://www.usebb.net/community/topic.php?id=605" + }, + { + "name": "14412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14412" + }, + { + "name": "20050728 Advisory 12/2005: UseBB Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112264706213040&w=2" + }, + { + "name": "http://www.hardened-php.net/advisory_122005.60.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_122005.60.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2581.json b/2005/2xxx/CVE-2005-2581.json index 5bf02e86e84..226703d17cc 100644 --- a/2005/2xxx/CVE-2005-2581.json +++ b/2005/2xxx/CVE-2005-2581.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050812 Grandstream Budge Tone 101/102 DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112388062328906&w=2" - }, - { - "name" : "14539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14539" - }, - { - "name" : "1014665", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014665" - }, - { - "name" : "16438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier 
versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014665", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014665" + }, + { + "name": "14539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14539" + }, + { + "name": "20050812 Grandstream Budge Tone 101/102 DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112388062328906&w=2" + }, + { + "name": "16438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16438" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3218.json b/2005/3xxx/CVE-2005-3218.json index 304e36f650a..0677f5906f6 100644 --- a/2005/3xxx/CVE-2005-3218.json +++ b/2005/3xxx/CVE-2005-3218.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in unspecified versions of Dr.Web Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Antivirus detection bypass by special crafted archive.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" - }, - { - "name" : "http://shadock.net/secubox/AVCraftedArchive.html", - "refsource" : "MISC", - "url" : "http://shadock.net/secubox/AVCraftedArchive.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in unspecified versions of Dr.Web Antivirus allows 
remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shadock.net/secubox/AVCraftedArchive.html", + "refsource": "MISC", + "url": "http://shadock.net/secubox/AVCraftedArchive.html" + }, + { + "name": "20051007 Antivirus detection bypass by special crafted archive.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3335.json b/2005/3xxx/CVE-2005-3335.json index 78c6a1cfd11..9080e97dcf2 100644 --- a/2005/3xxx/CVE-2005-3335.json +++ b/2005/3xxx/CVE-2005-3335.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2005-46/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-46/advisory/" - }, - { - "name" : "http://bugs.mantisbt.org/changelog_page.php", - "refsource" : "MISC", - "url" : "http://bugs.mantisbt.org/changelog_page.php" - }, - { - "name" : "DSA-905", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-905" - }, - { - "name" : "GLSA-200510-24", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" - }, - { - "name" : "15212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15212" - }, - { - "name" : "15227", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/15227" - }, - { - "name" : "ADV-2005-2221", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2221" - }, - { - "name" : "1015110", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015110" - }, - { - "name" : "16818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16818" - }, - { - "name" : "17362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17362" - }, - { - "name" : "16506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16506" - }, - { - "name" : "17654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17654" - }, - { - "name" : "121", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/121" - }, - { - "name" : "mantis-tcorepath-file-include(22886)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.mantisbt.org/changelog_page.php", + "refsource": "MISC", + "url": "http://bugs.mantisbt.org/changelog_page.php" + }, + { + "name": "DSA-905", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-905" + }, + { + "name": "121", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/121" + }, + { + "name": "ADV-2005-2221", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2221" + }, + { + "name": "16506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16506" + }, + { + "name": "17654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17654" + }, + { + "name": "GLSA-200510-24", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" + }, + { + "name": "http://secunia.com/secunia_research/2005-46/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-46/advisory/" + }, + { + "name": "17362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17362" + }, + { + "name": "15212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15212" + }, + { + "name": "16818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16818" + }, + { + "name": "1015110", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015110" + }, + { + "name": "mantis-tcorepath-file-include(22886)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886" + }, + { + "name": "15227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15227" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4473.json b/2005/4xxx/CVE-2005-4473.json index e07ec647f3b..22843ab6325 100644 --- a/2005/4xxx/CVE-2005-4473.json 
+++ b/2005/4xxx/CVE-2005-4473.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via \"a malformed URL.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-13.html" - }, - { - "name" : "15905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15905" - }, - { - "name" : "ADV-2005-2949", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2949" - }, - { - "name" : "1015370", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015370" - }, - { - "name" : "18077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via \"a malformed URL.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2949", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2949" + }, + { + "name": "18077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18077" + }, + { + "name": "15905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15905" + }, + { + "name": "1015370", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015370" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-13.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-13.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2069.json b/2009/2xxx/CVE-2009-2069.json index c9e6b92274d..dc32e156109 100644 --- a/2009/2xxx/CVE-2009-2069.json +++ b/2009/2xxx/CVE-2009-2069.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" - }, - { - "name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", - "refsource" : "MISC", - "url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" - }, - { - "name" : "35411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", + "refsource": "MISC", + "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" + }, + { + "name": "35411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35411" + }, + { + "name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", + "refsource": "MISC", + "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2397.json b/2009/2xxx/CVE-2009-2397.json index 063733bcd51..b8a6d7da299 100644 --- a/2009/2xxx/CVE-2009-2397.json +++ b/2009/2xxx/CVE-2009-2397.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9041", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9041" - }, - { - "name" : "35609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35609" - }, - { - "name" : "ADV-2009-1738", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35609" + }, + { + "name": "9041", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9041" + }, + { + "name": "ADV-2009-1738", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1738" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2804.json b/2009/2xxx/CVE-2009-2804.json index b073d8f9e2b..2eb71f2a28b 100644 --- a/2009/2xxx/CVE-2009-2804.json +++ b/2009/2xxx/CVE-2009-2804.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "http://support.apple.com/kb/HT3949", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3949" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "APPLE-SA-2009-11-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html" - }, - { - "name" : "36357", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/36357" - }, - { - "name" : "57949", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57949" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "37346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37346" - }, - { - "name" : "ADV-2009-3217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3217" - }, - { - "name" : "apple-macosx-colosync-bo(53166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2009-11-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html" + }, + { + "name": "ADV-2009-3217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3217" + }, + { + "name": "36357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36357" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT3949", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3949" + }, + { + "name": "apple-macosx-colosync-bo(53166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53166" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "57949", + "refsource": "OSVDB", + "url": "http://osvdb.org/57949" + }, + { + "name": "37346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37346" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2861.json b/2009/2xxx/CVE-2009-2861.json index b74f3facc1c..e2c909dd158 100644 --- a/2009/2xxx/CVE-2009-2861.json +++ b/2009/2xxx/CVE-2009-2861.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka \"SkyJack\" or Bug ID CSCtb56664." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-2861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf", - "refsource" : "MISC", - "url" : "http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf" - }, - { - "name" : "http://www.airmagnet.com/news/press_releases/2009/08252009.php", - "refsource" : "MISC", - "url" : "http://www.airmagnet.com/news/press_releases/2009/08252009.php" - }, - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18919", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18919" - }, - { - "name" : "36145", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36145" - }, - { - "name" : "1022774", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022774" - }, - { - "name" : "ADV-2009-2419", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka \"SkyJack\" or Bug ID CSCtb56664." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf", + "refsource": "MISC", + "url": "http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf" + }, + { + "name": "36145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36145" + }, + { + "name": "ADV-2009-2419", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2419" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18919", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18919" + }, + { + "name": "1022774", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022774" + }, + { + "name": "http://www.airmagnet.com/news/press_releases/2009/08252009.php", + "refsource": "MISC", + "url": "http://www.airmagnet.com/news/press_releases/2009/08252009.php" + } + ] + } +} \ No newline at end of file 
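Review bot: The `CVE_data_meta` block in this hunk changes `"ASSIGNER"` from `cve@mitre.org` to `psirt@cisco.com`, and that is the only field whose value differs; the rest of the hunk is separator whitespace (`" : "` to `": "`) and a reshuffled `reference_data` array with the same six entries. Because every line of the record is rewritten, the attribution change is easy to miss in review, and a consumer that filters or trusts records by assigner will see this entry attributed to a different assigner without the commit subject saying so. The same applies to the CVE-2009-3791 hunk further down, where the value becomes `psirt@adobe.com`. I would land value changes separately from the reformat, or at least keep `reference_data` in its previous order so the diff reduces to the `"ASSIGNER"` line. The new side also ends at `}` with no trailing newline, which the old side had.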
diff --git a/2009/3xxx/CVE-2009-3182.json b/2009/3xxx/CVE-2009-3182.json index fbc26c96329..16764ba196b 100644 --- a/2009/3xxx/CVE-2009-3182.json +++ b/2009/3xxx/CVE-2009-3182.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9433", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9433" - }, - { - "name" : "33686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9433", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9433" + }, + { + "name": "33686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33686" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3521.json b/2009/3xxx/CVE-2009-3521.json index 150325e788a..dd65eee73b2 100644 --- a/2009/3xxx/CVE-2009-3521.json +++ b/2009/3xxx/CVE-2009-3521.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PK90126", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg1PK90126" - }, - { - "name" : "36551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36551" - }, - { - "name" : "36901", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36901" - }, - { - "name" : "ADV-2009-2797", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the 
Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2797", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2797" + }, + { + "name": "36901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36901" + }, + { + "name": "36551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36551" + }, + { + "name": "PK90126", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg1PK90126" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3594.json b/2009/3xxx/CVE-2009-3594.json index d350b5b3f23..a2013f7d431 100644 --- a/2009/3xxx/CVE-2009-3594.json +++ b/2009/3xxx/CVE-2009-3594.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blob.yewipeya.net/bpost.php?postid=0008", - "refsource" : "MISC", - "url" : "http://blob.yewipeya.net/bpost.php?postid=0008" - }, - { - "name" : "56261", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56261" - }, - { - "name" : "35938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35938" - }, - { - "name" : "blob-bpost-xss(51959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to 
inject arbitrary web script or HTML via the postid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35938" + }, + { + "name": "56261", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56261" + }, + { + "name": "blob-bpost-xss(51959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51959" + }, + { + "name": "http://blob.yewipeya.net/bpost.php?postid=0008", + "refsource": "MISC", + "url": "http://blob.yewipeya.net/bpost.php?postid=0008" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3791.json b/2009/3xxx/CVE-2009-3791.json index 27f927c96b6..1e9529ebe5e 100644 --- a/2009/3xxx/CVE-2009-3791.json +++ b/2009/3xxx/CVE-2009-3791.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-18.html" - }, - { - "name" : "37419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-18.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-18.html" + }, + { + "name": "37419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37419" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0137.json b/2015/0xxx/CVE-2015-0137.json index 12b3b784f6d..7766881a896 100644 --- a/2015/0xxx/CVE-2015-0137.json +++ b/2015/0xxx/CVE-2015-0137.json 
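Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `psirt@adobe.com` in this hunk, but the edit sits inside a whole-file rewrite where every other line differs only by `" : "` becoming `": "`, so the one provenance change is easy to miss in review. The hunks for CVE-2015-0137, CVE-2015-0430, CVE-2015-1080, CVE-2015-1240, CVE-2015-4263 and CVE-2015-4277 do the same with other vendor addresses, and the start of the CVE-2015-4491 hunk shows it too. Consumers that key trust or routing decisions on the assigner would be better served if the content change landed separately from the whitespace normalization, or was at least named in the commit subject instead of "-Synchronized-Data.". On the new side `"vendor_name": "n/a"` is unchanged while the assigner is now a vendor address; whether that mismatch is intended cannot be told from the hunk.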
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020611", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020611", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020611" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0430.json b/2015/0xxx/CVE-2015-0430.json index c8fd3161d07..4233e790180 100644 --- a/2015/0xxx/CVE-2015-0430.json +++ b/2015/0xxx/CVE-2015-0430.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72141" - }, - { - "name" : "1031583", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031583" - }, - { - "name" : "oracle-cpujan2015-cve20150430(100175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 
10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031583", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031583" + }, + { + "name": "oracle-cpujan2015-cve20150430(100175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100175" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "72141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72141" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1080.json b/2015/1xxx/CVE-2015-1080.json index f55f308afe9..12e94fe088c 100644 --- a/2015/1xxx/CVE-2015-1080.json +++ b/2015/1xxx/CVE-2015-1080.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204560", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204560" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-03-17-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "1031936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "APPLE-SA-2015-03-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "1031936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031936" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "https://support.apple.com/HT204560", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204560" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1240.json b/2015/1xxx/CVE-2015-1240.json index 35856b48c16..94ef706a50a 100644 --- a/2015/1xxx/CVE-2015-1240.json +++ b/2015/1xxx/CVE-2015-1240.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=463599", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=463599" - }, - { - "name" : "https://codereview.chromium.org/978193003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/978193003" - }, - { - "name" : "DSA-3238", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3238" - }, - { - "name" : "GLSA-201506-04", 
- "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "RHSA-2015:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0816.html" - }, - { - "name" : "openSUSE-SU-2015:1887", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" - }, - { - "name" : "USN-2570-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2570-1" - }, - { - "name" : "1032209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html" + }, + { + "name": "https://codereview.chromium.org/978193003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/978193003" + }, + { + "name": "USN-2570-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2570-1" + }, + { + "name": "DSA-3238", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3238" + }, + { + "name": "openSUSE-SU-2015:1887", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "1032209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032209" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=463599", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=463599" + }, + { + "name": "openSUSE-SU-2015:0748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1526.json b/2015/1xxx/CVE-2015-1526.json index c65cdccddf4..8eb9ecab5f4 100644 --- a/2015/1xxx/CVE-2015-1526.json +++ b/2015/1xxx/CVE-2015-1526.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The media_server component in Android allows remote attackers to cause a denial of service via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf", - "refsource" : "MISC", - "url" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf" - }, - { - "name" : "76666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The media_server component in Android allows remote attackers to cause a denial of service via a crafted application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76666" + }, + { + "name": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf", + "refsource": "MISC", + "url": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4072.json b/2015/4xxx/CVE-2015-4072.json index 47df74f68ed..c8f4e74247e 100644 --- a/2015/4xxx/CVE-2015-4072.json +++ b/2015/4xxx/CVE-2015-4072.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37666", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37666/" - }, - { - "name" : "20151231 Joomla! 
plugin Helpdesk Pro < 1.4.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/102" - }, - { - "name" : "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html" - }, - { - "name" : "75971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37666", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37666/" + }, + { + "name": "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html" + }, + { + "name": "75971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75971" + }, + { + "name": "20151231 Joomla! plugin Helpdesk Pro < 1.4.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/102" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4263.json b/2015/4xxx/CVE-2015-4263.json index ac35449b02c..ee1a6e13895 100644 --- a/2015/4xxx/CVE-2015-4263.json +++ b/2015/4xxx/CVE-2015-4263.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150710 Cisco Mobility Services Engine Control And Provisioning Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39825" - }, - { - "name" : "1032854", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150710 Cisco Mobility Services Engine Control And Provisioning Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39825" + }, + { + "name": "1032854", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032854" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4277.json b/2015/4xxx/CVE-2015-4277.json index 270379e031e..9d68646fbfe 100644 --- a/2015/4xxx/CVE-2015-4277.json +++ b/2015/4xxx/CVE-2015-4277.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150811 Cisco ASR 9000 Series Aggregation Services Routers tmp Files Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39939" - }, - { - "name" : "1033259", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly 
closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150811 Cisco ASR 9000 Series Aggregation Services Routers tmp Files Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39939" + }, + { + "name": "1033259", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033259" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4491.json b/2015/4xxx/CVE-2015-4491.json index b3290e83bea..3d31859944e 100644 --- a/2015/4xxx/CVE-2015-4491.json +++ b/2015/4xxx/CVE-2015-4491.json 
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=752297", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=752297" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009" - 
}, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1252290", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1252290" - }, - { - "name" : "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3337", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3337" - }, - { - "name" : "FEDORA-2015-14010", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html" - }, - { - "name" : "FEDORA-2015-14011", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html" - }, - { - "name" : "FEDORA-2015-13925", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html" - }, - { - "name" : "FEDORA-2015-13926", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "GLSA-201512-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-05" - }, - { - "name" : "RHSA-2015:1694", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1694.html" - }, - { - 
"name" : "RHSA-2015:1586", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1586.html" - }, - { - "name" : "RHSA-2015:1682", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1682.html" - }, - { - "name" : "openSUSE-SU-2015:1389", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:1390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:2081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:1449", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" - }, - { - "name" : "openSUSE-SU-2015:1453", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" - }, - { - "name" : "openSUSE-SU-2015:1454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" - }, - { - "name" : "SUSE-SU-2015:1528", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" - }, - { - "name" : "openSUSE-SU-2015:1500", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html" - }, - { - "name" : "USN-2702-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-1" - }, - { - "name" : "USN-2702-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-2" - }, - { - "name" : "USN-2702-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-3" - }, - { - "name" : "USN-2712-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2712-1" - }, - { - "name" : "USN-2722-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2722-1" - }, - { 
- "name" : "1033372", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033372" - }, - { - "name" : "1033247", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-88.html" + }, + { + "name": "FEDORA-2015-14011", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html" + }, + { + "name": "DSA-3337", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3337" + }, + { + "name": "openSUSE-SU-2015:1500", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html" + }, + { + "name": "SUSE-SU-2015:2081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" + }, + { + "name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199" + }, + { + "name": 
"USN-2712-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2712-1" + }, + { + "name": "openSUSE-SU-2015:1454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" + }, + { + "name": "USN-2702-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-3" + }, + { + "name": "RHSA-2015:1682", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1682.html" + }, + { + "name": "openSUSE-SU-2015:1389", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" + }, + { + "name": "openSUSE-SU-2015:1453", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" + }, + { + "name": "FEDORA-2015-13926", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html" + }, + { + "name": "RHSA-2015:1586", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252290" + }, + { + "name": "FEDORA-2015-13925", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html" + }, + { + "name": "USN-2722-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2722-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:1528", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" + }, + { + "name": "1033247", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033247" + }, + { + "name": "USN-2702-2", + "refsource": 
"UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-2" + }, + { + "name": "RHSA-2015:1694", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1694.html" + }, + { + "name": "USN-2702-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-1" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=752297", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752297" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184009" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "FEDORA-2015-14010", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html" + }, + { + "name": "1033372", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033372" + }, + { + "name": "SUSE-SU-2015:1449", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" + }, + { + "name": "GLSA-201512-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-05" + }, + { + "name": "openSUSE-SU-2015:1390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8375.json b/2015/8xxx/CVE-2015-8375.json index 0ff3bd669a2..1382e74a375 100644 --- a/2015/8xxx/CVE-2015-8375.json +++ b/2015/8xxx/CVE-2015-8375.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHP-Fusion 9." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151129 Re: CVE request: XSS to RCE in PHP-Fusion 9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/29/4" - }, - { - "name" : "http://cve.killedkenny.io/cve/CVE-2015-8375", - "refsource" : "MISC", - "url" : "http://cve.killedkenny.io/cve/CVE-2015-8375" - }, - { - "name" : "https://gist.github.com/bscarvell/57f82000bf823071404e", - "refsource" : "CONFIRM", - "url" : "https://gist.github.com/bscarvell/57f82000bf823071404e" - }, - { - "name" : "https://github.com/php-fusion/PHP-Fusion/commit/f1a5fce791e2392d5a23a6d62ab65c481cdd6a66", - "refsource" : "CONFIRM", - "url" : "https://github.com/php-fusion/PHP-Fusion/commit/f1a5fce791e2392d5a23a6d62ab65c481cdd6a66" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHP-Fusion 9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/bscarvell/57f82000bf823071404e", + "refsource": "CONFIRM", + "url": "https://gist.github.com/bscarvell/57f82000bf823071404e" + }, + { + "name": "[oss-security] 20151129 Re: CVE request: XSS to RCE in PHP-Fusion 9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/29/4" + }, + { + "name": "https://github.com/php-fusion/PHP-Fusion/commit/f1a5fce791e2392d5a23a6d62ab65c481cdd6a66", + "refsource": "CONFIRM", + "url": "https://github.com/php-fusion/PHP-Fusion/commit/f1a5fce791e2392d5a23a6d62ab65c481cdd6a66" + }, + { + "name": "http://cve.killedkenny.io/cve/CVE-2015-8375", + "refsource": "MISC", + "url": "http://cve.killedkenny.io/cve/CVE-2015-8375" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8884.json b/2015/8xxx/CVE-2015-8884.json index 20f60f25630..08f4d55e7e8 100644 --- a/2015/8xxx/CVE-2015-8884.json +++ b/2015/8xxx/CVE-2015-8884.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8884", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8884", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8987.json b/2015/8xxx/CVE-2015-8987.json index 558fe650219..c5abeb4fdf1 100644 --- a/2015/8xxx/CVE-2015-8987.json +++ b/2015/8xxx/CVE-2015-8987.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2015-8987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Agent (MA)", - "version" : { - "version_data" : [ - { - "version_value" : "4.8.0 patch 2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Man-in-the-middle (MitM) attack vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2015-8987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Agent (MA)", + "version": { + "version_data": [ + { + "version_value": "4.8.0 patch 2 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10101", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, 
ePO server via McAfee Agent migration to another ePO server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Man-in-the-middle (MitM) attack vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10101", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10101" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9242.json b/2015/9xxx/CVE-2015-9242.json index ebb7c1536a4..f0b5f326e09 100644 --- a/2015/9xxx/CVE-2015-9242.json +++ b/2015/9xxx/CVE-2015-9242.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2015-9242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ecstatic node module", - "version" : { - "version_data" : [ - { - "version_value" : "<1.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2015-9242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ecstatic node module", + "version": { + "version_data": [ + { + "version_value": "<1.4.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/v8/issues/detail?id=4640", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/v8/issues/detail?id=4640" - }, - { - "name" : "https://github.com/jfhbrook/node-ecstatic/pull/179", - "refsource" : "MISC", - "url" : "https://github.com/jfhbrook/node-ecstatic/pull/179" - }, - { - "name" : "https://nodesecurity.io/advisories/64", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/64" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jfhbrook/node-ecstatic/pull/179", + "refsource": "MISC", + "url": "https://github.com/jfhbrook/node-ecstatic/pull/179" + }, + { + "name": "https://bugs.chromium.org/p/v8/issues/detail?id=4640", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/v8/issues/detail?id=4640" + }, + { + "name": "https://nodesecurity.io/advisories/64", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/64" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2358.json b/2018/2xxx/CVE-2018-2358.json index 82c8e069cb8..024afb29249 100644 --- a/2018/2xxx/CVE-2018-2358.json +++ b/2018/2xxx/CVE-2018-2358.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2358", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2358", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2481.json b/2018/2xxx/CVE-2018-2481.json index e4358c24307..f04fc4a2eda 100644 --- a/2018/2xxx/CVE-2018-2481.json +++ b/2018/2xxx/CVE-2018-2481.json 
@@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP_ABA", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "7.00 to 7.02" - }, - { - "version_name" : "=", - "version_value" : "7.10 to 7.11" - }, - { - "version_name" : "=", - "version_value" : "7.30" - }, - { - "version_name" : "=", - "version_value" : "7.31" - }, - { - "version_name" : "=", - "version_value" : "7.40" - }, - { - "version_name" : "=", - "version_value" : "7.50" - }, - { - "version_name" : "=", - "version_value" : "7.5C" - }, - { - "version_name" : "=", - "version_value" : "7.5D" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP_ABA", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.00 to 7.02" + }, + { + "version_name": "=", + "version_value": "7.10 to 7.11" + }, + { + "version_name": "=", + "version_value": "7.30" + }, + { + "version_name": "=", + "version_value": "7.31" + }, + { + "version_name": "=", + "version_value": "7.40" + }, + { + "version_name": "=", + "version_value": "7.50" + }, + { + "version_name": "=", + "version_value": "7.5C" + }, + { + "version_name": "=", + "version_value": "7.5D" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2693083", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2693083" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" - }, - { - "name" : "105906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105906" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105906" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2693083", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2693083" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2543.json b/2018/2xxx/CVE-2018-2543.json index 614f32e67d7..060169c9df9 100644 --- a/2018/2xxx/CVE-2018-2543.json +++ b/2018/2xxx/CVE-2018-2543.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2543", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2543", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
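Review bot: In the CVE-2018-2481 hunk the structured versions and the description disagree: `version_data` lists `7.5C` and `7.5D`, while the description says `75C to 75D`. One of the two is presumably a typo, and whichever is wrong will make version matching miss affected SAP_ABA systems. The entries also put the comparison operator in `"version_name": "="` and ranges in free text (`"version_value": "7.00 to 7.02"`), whereas the Oracle records in this commit use `version_affected` for the operator; using the same key here would let one parser handle both. `"value": "Other"` under `problemtype` gives no weakness class for what the description presents as unauthorized execution of transaction functionality.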
diff --git a/2018/2xxx/CVE-2018-2686.json b/2018/2xxx/CVE-2018-2686.json index 42663d48279..aaf622cbe17 100644 --- a/2018/2xxx/CVE-2018-2686.json +++ b/2018/2xxx/CVE-2018-2686.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.1.32" - }, - { - "version_affected" : "<", - "version_value" : "5.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.32" + }, + { + "version_affected": "<", + "version_value": "5.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102690" - }, - { - "name" : "1040202", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102690" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040202", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040202" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2843.json b/2018/2xxx/CVE-2018-2843.json index 39495bf8da6..6cd8df30245 100644 --- a/2018/2xxx/CVE-2018-2843.json +++ b/2018/2xxx/CVE-2018-2843.json 
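Review bot: The `problemtype` value in CVE-2018-2686 is a copy of three sentences from the description rather than a weakness class, so the record cannot be filtered or grouped by vulnerability type. A short class, in the form CVE-2015-9242 uses in this same commit (`Denial of Service (CWE-400)` there), would serve consumers better once the CNA supplies one. The CVSS score and vector appear only inside the description string (`CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`); tooling has to scrape them out of prose, and carrying them in a structured field as well would avoid that. The CVE-2018-2843 hunk that follows has the same pattern, though it continues past the end of this view.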
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.1.36" - }, - { - "version_affected" : "<", - "version_value" : "5.2.10" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.36" + }, + { + "version_affected": "<", + "version_value": "5.2.10" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "GLSA-201805-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-08" - }, - { - "name" : "103854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103854" - }, - { - "name" : "1040707", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201805-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-08" + }, + { + "name": "103854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103854" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "1040707", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040707" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2935.json b/2018/2xxx/CVE-2018-2935.json index e820a44f22a..b950d9ba267 100644 --- a/2018/2xxx/CVE-2018-2935.json +++ b/2018/2xxx/CVE-2018-2935.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebLogic Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10.3.6.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.3.6.0" + }, + { + "version_affected": "=", + "version_value": "12.1.3.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2" + }, + { + "version_affected": "=", + "version_value": "12.2.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104817" - }, - { - "name" : "1041301", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104817" + }, + { + "name": "1041301", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041301" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/3xxx/CVE-2018-3110.json b/2018/3xxx/CVE-2018-3110.json index e0ecabc98e7..2dd473f0a50 100644 --- a/2018/3xxx/CVE-2018-3110.json +++ b/2018/3xxx/CVE-2018-3110.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle Database", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.2.0.4" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0.1" - }, - { - "version_affected" : "=", - "version_value" : "18" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.2.0.4" + }, + { + "version_affected": "=", + "version_value": "12.1.0.2" + }, + { + "version_affected": "=", + "version_value": "12.2.0.1" + }, + { + "version_affected": "=", + "version_value": "18" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html" - }, - { - "name" : "105056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105056" - }, - { - "name" : "1041532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105056" + }, + { + "name": "1041532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041532" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6577.json b/2018/6xxx/CVE-2018-6577.json index 18e2c1b42c6..545acd9284b 100644 --- a/2018/6xxx/CVE-2018-6577.json +++ b/2018/6xxx/CVE-2018-6577.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43940", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43940", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43940" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/6xxx/CVE-2018-6619.json b/2018/6xxx/CVE-2018-6619.json index 9bd9673f5a7..06ea21a407d 100644 --- a/2018/6xxx/CVE-2018-6619.json +++ b/2018/6xxx/CVE-2018-6619.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-INSECURE-CRYPTO.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-INSECURE-CRYPTO.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/147556/Easy-Hosting-Control-Panel-0.37.12.b-Insecure-Cryptography.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147556/Easy-Hosting-Control-Panel-0.37.12.b-Insecure-Cryptography.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging 
use of a weak hashing algorithm without a salt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-INSECURE-CRYPTO.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-INSECURE-CRYPTO.txt" + }, + { + "name": "http://packetstormsecurity.com/files/147556/Easy-Hosting-Control-Panel-0.37.12.b-Insecure-Cryptography.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147556/Easy-Hosting-Control-Panel-0.37.12.b-Insecure-Cryptography.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6667.json b/2018/6xxx/CVE-2018-6667.json index 61b22ce8d73..dec9053c0fb 100644 --- a/2018/6xxx/CVE-2018-6667.json +++ b/2018/6xxx/CVE-2018-6667.json 
@@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2018-6667", - "STATE" : "PUBLIC", - "TITLE" : "McAfee Web Gateway - Authentication Bypass vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Web Gateway", - "version" : { - "version_data" : [ - { - "affected" : ">=", - "platform" : "x86", - "version_value" : "7.8.1.0" - }, - { - "affected" : "<=", - "platform" : "x86", - "version_value" : "7.8.1.5" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 10, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2018-6667", + "STATE": "PUBLIC", + "TITLE": "McAfee Web Gateway - Authentication Bypass vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Web Gateway", + "version": { + "version_data": [ + { + "affected": ">=", + "platform": "x86", + "version_value": "7.8.1.0" + }, + { + "affected": "<=", + "platform": "x86", 
+ "version_value": "7.8.1.5" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10241" - }, - { - "name" : "104564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104564" - }, - { - "name" : "1041129", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041129" - } - ] - }, - "source" : { - "advisory" : "SB10241", - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10241" + }, + { + "name": "1041129", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041129" + }, + { + "name": "104564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104564" 
+ } + ] + }, + "source": { + "advisory": "SB10241", + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7144.json b/2018/7xxx/CVE-2018-7144.json index 3529fb11f28..059078c5b7a 100644 --- a/2018/7xxx/CVE-2018-7144.json +++ b/2018/7xxx/CVE-2018-7144.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7144", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7144", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7919.json b/2018/7xxx/CVE-2018-7919.json index c83d6002621..99402ee1830 100644 --- a/2018/7xxx/CVE-2018-7919.json +++ b/2018/7xxx/CVE-2018-7919.json 
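Review bot: In the CVE-2018-6667 record the range operators in `version_data` sit under the key `affected` (`"affected": ">="`, `"affected": "<="`), whereas the other records shown in this patch that carry an operator use `version_affected`. A consumer that reads only `version_affected` would probably treat 7.8.1.0 and 7.8.1.5 as two separate versions and miss the releases between them, although the description says "7.8.1.0 through 7.8.1.5" are affected. The reformatting keeps the key unchanged on the new side. Renaming it to `"version_affected": ">="` and `"version_affected": "<="` would let scanners match the range the same way they do for the other entries. Until then, tooling that ingests these files should accept both key names.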
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7919", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7919", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5208.json b/2019/5xxx/CVE-2019-5208.json index 5c3d93e68b9..150a773ff95 100644 --- a/2019/5xxx/CVE-2019-5208.json +++ b/2019/5xxx/CVE-2019-5208.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5208", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5208", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5740.json b/2019/5xxx/CVE-2019-5740.json index 9a75cafd632..c909ef69687 100644 --- a/2019/5xxx/CVE-2019-5740.json +++ b/2019/5xxx/CVE-2019-5740.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5740", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5740", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5754.json b/2019/5xxx/CVE-2019-5754.json index f1244e99ba1..da3f1dd2013 100644 --- a/2019/5xxx/CVE-2019-5754.json +++ b/2019/5xxx/CVE-2019-5754.json 
@@ -1,83 +1,83 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "chrome-cve-admin@google.com",
- "ID" : "CVE-2019-5754",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Chrome",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "72.0.3626.81"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Inappropriate implementation"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@google.com",
+ "ID": "CVE-2019-5754",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "72.0.3626.81"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://crbug.com/914497",
- "refsource" : "MISC",
- "url" : "https://crbug.com/914497"
- },
- {
- "name" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html",
- "refsource" : "CONFIRM",
- "url" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html"
- },
- {
- "name" : "DSA-4395",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2019/dsa-4395"
- },
- {
- "name" : "RHSA-2019:0309",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2019:0309"
- },
- {
- "name" : "106767",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106767"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106767",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106767"
+ },
+ {
+ "name": "RHSA-2019:0309",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2019:0309"
+ },
+ {
+ "name": "DSA-4395",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2019/dsa-4395"
+ },
+ {
+ "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html",
+ "refsource": "CONFIRM",
+ "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html"
+ },
+ {
+ "name": "https://crbug.com/914497",
+ "refsource": "MISC",
+ "url": "https://crbug.com/914497"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5908.json b/2019/5xxx/CVE-2019-5908.json
index d37d3d98d1d..b8574dae8fe 100644
--- a/2019/5xxx/CVE-2019-5908.json
+++ b/2019/5xxx/CVE-2019-5908.json
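Review bot: In the CVE-2019-5754.json hunk, the `"ASSIGNER"` value changes from `chrome-cve-admin@google.com` to `security@google.com`. It is the only field value that differs, in a hunk that otherwise rewrites `" : "` as `": "` and reverses the order of the `reference_data` entries, and the commit subject does not mention it. Because almost every line of the record is marked as changed, a textual diff does not make this provenance change stand out. Anyone auditing the sync, or attributing records by `ASSIGNER`, should compare the parsed old and new JSON rather than the text. Keeping the separator reformat in a commit separate from content updates would leave attribution changes like this one reviewable on their own.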
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-5908",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-5908",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file