From fc9300bd6a5e956c483aea17e224d6233fd6e592 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:31:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0733.json | 120 +++++----- 1999/0xxx/CVE-1999-0914.json | 120 +++++----- 1999/1xxx/CVE-1999-1005.json | 140 ++++++------ 1999/1xxx/CVE-1999-1131.json | 150 ++++++------ 1999/1xxx/CVE-1999-1250.json | 130 +++++------ 2000/0xxx/CVE-2000-0068.json | 120 +++++----- 2000/0xxx/CVE-2000-0598.json | 140 ++++++------ 2000/0xxx/CVE-2000-0641.json | 140 ++++++------ 2000/0xxx/CVE-2000-0655.json | 200 ++++++++-------- 2000/0xxx/CVE-2000-0709.json | 140 ++++++------ 2000/0xxx/CVE-2000-0718.json | 130 +++++------ 2000/0xxx/CVE-2000-0794.json | 150 ++++++------ 2000/0xxx/CVE-2000-0797.json | 160 ++++++------- 2000/1xxx/CVE-2000-1236.json | 170 +++++++------- 2005/2xxx/CVE-2005-2670.json | 160 ++++++------- 2005/2xxx/CVE-2005-2705.json | 430 +++++++++++++++++------------------ 2005/2xxx/CVE-2005-2751.json | 180 +++++++-------- 2005/2xxx/CVE-2005-2885.json | 150 ++++++------ 2005/3xxx/CVE-2005-3419.json | 210 ++++++++--------- 2005/3xxx/CVE-2005-3520.json | 250 ++++++++++---------- 2005/3xxx/CVE-2005-3729.json | 150 ++++++------ 2005/3xxx/CVE-2005-3774.json | 270 +++++++++++----------- 2005/3xxx/CVE-2005-3852.json | 150 ++++++------ 2007/5xxx/CVE-2007-5679.json | 170 +++++++------- 2009/2xxx/CVE-2009-2048.json | 180 +++++++-------- 2009/2xxx/CVE-2009-2143.json | 140 ++++++------ 2009/2xxx/CVE-2009-2193.json | 200 ++++++++-------- 2009/2xxx/CVE-2009-2624.json | 250 ++++++++++---------- 2009/2xxx/CVE-2009-2688.json | 210 ++++++++--------- 2009/3xxx/CVE-2009-3623.json | 190 ++++++++-------- 2009/3xxx/CVE-2009-3817.json | 140 ++++++------ 2009/3xxx/CVE-2009-3825.json | 130 +++++------ 2009/3xxx/CVE-2009-3973.json | 140 ++++++------ 2015/0xxx/CVE-2015-0030.json | 140 ++++++------ 2015/0xxx/CVE-2015-0652.json | 130 +++++------ 2015/0xxx/CVE-2015-0803.json | 180 +++++++-------- 2015/0xxx/CVE-2015-0863.json | 120 +++++----- 2015/1xxx/CVE-2015-1371.json | 160 ++++++------- 2015/1xxx/CVE-2015-1429.json | 130 +++++------ 2015/1xxx/CVE-2015-1454.json | 130 +++++------ 2015/4xxx/CVE-2015-4059.json | 130 +++++------ 2015/4xxx/CVE-2015-4243.json | 130 +++++------ 2015/4xxx/CVE-2015-4476.json | 170 +++++++------- 2015/4xxx/CVE-2015-4807.json | 200 ++++++++-------- 2015/4xxx/CVE-2015-4839.json | 140 ++++++------ 2015/8xxx/CVE-2015-8345.json | 180 +++++++-------- 2015/8xxx/CVE-2015-8581.json | 34 +-- 2015/8xxx/CVE-2015-8895.json | 170 +++++++------- 2015/8xxx/CVE-2015-8920.json | 230 +++++++++---------- 2015/9xxx/CVE-2015-9175.json | 132 +++++------ 2015/9xxx/CVE-2015-9273.json | 140 ++++++------ 2016/5xxx/CVE-2016-5821.json | 160 ++++++------- 2016/5xxx/CVE-2016-5953.json | 172 +++++++------- 2018/2xxx/CVE-2018-2476.json | 164 ++++++------- 2018/2xxx/CVE-2018-2785.json | 158 ++++++------- 2018/2xxx/CVE-2018-2803.json | 132 +++++------ 2018/2xxx/CVE-2018-2962.json | 156 ++++++------- 2018/3xxx/CVE-2018-3465.json | 34 +-- 2018/6xxx/CVE-2018-6358.json | 130 +++++------ 2018/6xxx/CVE-2018-6501.json | 120 +++++----- 2018/6xxx/CVE-2018-6918.json | 142 ++++++------ 2018/6xxx/CVE-2018-6919.json | 132 +++++------ 2018/7xxx/CVE-2018-7028.json | 34 +-- 2018/7xxx/CVE-2018-7221.json | 34 +-- 2018/7xxx/CVE-2018-7543.json | 130 +++++------ 2018/7xxx/CVE-2018-7556.json | 120 +++++----- 2018/7xxx/CVE-2018-7697.json | 34 +-- 2019/5xxx/CVE-2019-5078.json | 34 +-- 2019/5xxx/CVE-2019-5256.json | 34 +-- 2019/5xxx/CVE-2019-5477.json | 34 +-- 2019/5xxx/CVE-2019-5650.json | 34 +-- 2019/5xxx/CVE-2019-5863.json | 34 +-- 72 files changed, 5189 insertions(+), 5189 deletions(-) diff --git a/1999/0xxx/CVE-1999-0733.json b/1999/0xxx/CVE-1999-0733.json index 3d047820340..36ba4fead02 100644 --- a/1999/0xxx/CVE-1999-0733.json +++ b/1999/0xxx/CVE-1999-0733.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/490" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0914.json b/1999/0xxx/CVE-1999-0914.json index 69c822e5621..360c6e7d2b8 100644 --- a/1999/0xxx/CVE-1999-0914.json +++ b/1999/0xxx/CVE-1999-0914.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the FTP client in the Debian GNU/Linux netstd package." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the FTP client in the Debian GNU/Linux netstd package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/324" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1005.json b/1999/1xxx/CVE-1999-1005.json index d670a44c75d..38239a114df 100644 --- a/1999/1xxx/CVE-1999-1005.json +++ b/1999/1xxx/CVE-1999-1005.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991219 Groupewise Web Interface", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94571433731824&w=2" - }, - { - "name" : "879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/879" - }, - { - "name" : "3413", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991219 Groupewise Web Interface", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94571433731824&w=2" + }, + { + "name": "879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/879" + }, + { + "name": "3413", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3413" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1131.json b/1999/1xxx/CVE-1999-1131.json index 635f849d85f..d3a4c82459d 100644 --- a/1999/1xxx/CVE-1999-1131.json +++ b/1999/1xxx/CVE-1999-1131.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VB-97.12", - "refsource" : "CERT", - "url" : "http://www.cert.org/vendor_bulletins/VB-97.12.opengroup" - }, - { - "name" : "I-060", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/i-060.shtml" - }, - { - "name" : "19980601-01-PX", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX" - }, - { - "name" : "sgi-osf-dce-dos(1123)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VB-97.12", + "refsource": "CERT", + "url": "http://www.cert.org/vendor_bulletins/VB-97.12.opengroup" + }, + { + "name": "I-060", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/i-060.shtml" + }, + { + "name": "19980601-01-PX", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX" + }, + { + "name": "sgi-osf-dce-dos(1123)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1123" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1250.json b/1999/1xxx/CVE-1999-1250.json index 76b7fd33659..ee9544065ec 100644 --- a/1999/1xxx/CVE-1999-1250.json +++ b/1999/1xxx/CVE-1999-1250.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19970819 Lasso CGI security hole (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/7506" - }, - { - "name" : "http-cgi-lasso(2044)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http-cgi-lasso(2044)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2044" + }, + { + "name": "19970819 Lasso CGI security hole (fwd)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/7506" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0068.json b/2000/0xxx/CVE-2000-0068.json index b8163e61039..4692d51f491 100644 --- a/2000/0xxx/CVE-2000-0068.json +++ b/2000/0xxx/CVE-2000-0068.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000104 [rootshell] Security Bulletin #27", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94704437920965&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000104 [rootshell] Security Bulletin #27", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94704437920965&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0598.json b/2000/0xxx/CVE-2000-0598.json index def9d6862f3..f02f57ff186 100644 --- a/2000/0xxx/CVE-2000-0598.json +++ b/2000/0xxx/CVE-2000-0598.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000626 Proxy+ Telnet Gateway Problems", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html" - }, - { - "name" : "http://www.proxyplus.cz/faq/articles/EN/art01002.htm", - "refsource" : "MISC", - "url" : "http://www.proxyplus.cz/faq/articles/EN/art01002.htm" - }, - { - "name" : "1395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1395" + }, + { + "name": "20000626 Proxy+ Telnet Gateway Problems", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html" + }, + { + "name": "http://www.proxyplus.cz/faq/articles/EN/art01002.htm", + "refsource": "MISC", + "url": "http://www.proxyplus.cz/faq/articles/EN/art01002.htm" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0641.json b/2000/0xxx/CVE-2000-0641.json index d119c18e1af..5b1029034a2 100644 --- a/2000/0xxx/CVE-2000-0641.json +++ b/2000/0xxx/CVE-2000-0641.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Savant web server allows remote attackers to execute arbitrary commands via a long GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html" - }, - { - "name" : "1453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1453" - }, - { - "name" : "savant-get-bo(4901)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Savant web server allows remote attackers to execute arbitrary commands via a long GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html" + }, + { + "name": "savant-get-bo(4901)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4901" + }, + { + "name": "1453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1453" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0655.json b/2000/0xxx/CVE-2000-0655.json index 3e7f05bbc19..2edebc3343f 100644 --- a/2000/0xxx/CVE-2000-0655.json +++ b/2000/0xxx/CVE-2000-0655.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com" - }, - { - "name" : "RHSA-2000:046", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-046.html" - }, - { - "name" : "20000823 Security Hole in Netscape, Versions 4.x, possibly others", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html" - }, - { - "name" : "TLSA2000017-1", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html" - }, - { - "name" : "NetBSD-SA2000-011", - "refsource" : "NETBSD", - "url" : "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc" - }, - { - "name" : "FreeBSD-SA-00:39", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc" - }, - { - "name" : "20000801 MDKSA-2000:027-1 netscape update", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html" - }, - { - "name" : "20000810 Conectiva Linux Security Announcement - netscape", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html" - }, - { - "name" : "1503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2000:046", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-046.html" + }, + { + "name": "1503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1503" + }, + { + "name": "TLSA2000017-1", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html" + }, + { + "name": "FreeBSD-SA-00:39", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc" + }, + { + "name": "20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com" + }, + { + "name": "20000823 Security Hole in Netscape, Versions 4.x, possibly others", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html" + }, + { + "name": "20000801 MDKSA-2000:027-1 netscape update", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html" + }, + { + "name": "20000810 Conectiva Linux Security Announcement - netscape", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html" + }, + { + "name": "NetBSD-SA2000-011", + "refsource": "NETBSD", + "url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0709.json b/2000/0xxx/CVE-2000-0709.json index fedfccc00ca..750e247bfc2 100644 --- a/2000/0xxx/CVE-2000-0709.json +++ b/2000/0xxx/CVE-2000-0709.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000823 Xato Advisory: FrontPage DOS Device DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0288.html" - }, - { - "name" : "http://msdn.microsoft.com/workshop/languages/fp/2000/sr12.asp", - "refsource" : "CONFIRM", - "url" : "http://msdn.microsoft.com/workshop/languages/fp/2000/sr12.asp" - }, - { - "name" : "1608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://msdn.microsoft.com/workshop/languages/fp/2000/sr12.asp", + "refsource": "CONFIRM", + "url": "http://msdn.microsoft.com/workshop/languages/fp/2000/sr12.asp" + }, + { + "name": "1608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1608" + }, + { + "name": "20000823 Xato Advisory: FrontPage DOS Device DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0288.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0718.json b/2000/0xxx/CVE-2000-0718.json index 6a9e05e7ea8..1c96f611033 100644 --- a/2000/0xxx/CVE-2000-0718.json +++ b/2000/0xxx/CVE-2000-0718.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000812 MDKSA-2000:034 MandrakeUpdate update", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html" - }, - { - "name" : "1567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1567" + }, + { + "name": "20000812 MDKSA-2000:034 MandrakeUpdate update", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0794.json b/2000/0xxx/CVE-2000-0794.json index e16c73e4765..b3e99ca0cfe 100644 --- a/2000/0xxx/CVE-2000-0794.json +++ b/2000/0xxx/CVE-2000-0794.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000802 [LSD] some unpublished LSD exploit codes", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl" - }, - { - "name" : "1527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1527" - }, - { - "name" : "8568", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8568" - }, - { - "name" : "irix-libgl-bo(5063)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/5063.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1527" + }, + { + "name": "irix-libgl-bo(5063)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/5063.php" + }, + { + "name": "8568", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8568" + }, + { + "name": "20000802 [LSD] some unpublished LSD exploit codes", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0797.json b/2000/0xxx/CVE-2000-0797.json index b0bab46885c..be91627d727 100644 --- a/2000/0xxx/CVE-2000-0797.json +++ b/2000/0xxx/CVE-2000-0797.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000802 [LSD] some unpublished LSD exploit codes", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl" - }, - { - "name" : "20040104-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc" - }, - { - "name" : "1526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1526" - }, - { - "name" : "irix-grosview-bo(5062)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5062" - }, - { - "name" : "3815", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000802 [LSD] some unpublished LSD exploit codes", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl" + }, + { + "name": "irix-grosview-bo(5062)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5062" + }, + { + "name": "3815", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3815" + }, + { + "name": "1526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1526" + }, + { + "name": "20040104-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1236.json b/2000/1xxx/CVE-2000-1236.json index 04bc45d24fd..c26093b45e1 100644 --- a/2000/1xxx/CVE-2000-1236.json +++ b/2000/1xxx/CVE-2000-1236.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001219 Oracle WebDb engine brain-damagse", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0339.html" - }, - { - "name" : "20001221 Re: Oracle WebDb engine brain-damagse", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0372.html" - }, - { - "name" : "20001223 Potential Vulnerabilities in Oracle Internet Application Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0463.html" - }, - { - "name" : "20010110 Patch for Potential Vulnerability in Oracle Internet Application Server", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/155881" - }, - { - "name" : "2150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2150" - }, - { - "name" : "oracle-execute-plsql(5817)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/5817.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001219 Oracle WebDb engine brain-damagse", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0339.html" + }, + { + "name": "20010110 Patch for Potential Vulnerability in Oracle Internet Application Server", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/155881" + }, + { + "name": "oracle-execute-plsql(5817)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/5817.php" + }, + { + "name": "20001221 Re: Oracle WebDb engine brain-damagse", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0372.html" + }, + { + "name": "2150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2150" + }, + { + "name": "20001223 Potential Vulnerabilities in Oracle Internet Application Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0463.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2670.json b/2005/2xxx/CVE-2005-2670.json index 539b0a8dfaa..a3ca86e8742 100644 --- a/2005/2xxx/CVE-2005-2670.json +++ b/2005/2xxx/CVE-2005-2670.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via \"..\" sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2005-24/advisory", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-24/advisory" - }, - { - "name" : "http://www.globalhauri.com/html/download/down_unixpatch.html", - "refsource" : "MISC", - "url" : "http://www.globalhauri.com/html/download/down_unixpatch.html" - }, - { - "name" : "14606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14606" - }, - { - "name" : "1014740", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014740" - }, - { - "name" : "15846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via \"..\" sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2005-24/advisory", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-24/advisory" + }, + { + "name": "14606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14606" + }, + { + "name": "15846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15846" + }, + { + "name": "http://www.globalhauri.com/html/download/down_unixpatch.html", + "refsource": "MISC", + "url": "http://www.globalhauri.com/html/download/down_unixpatch.html" + }, + { + "name": "1014740", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014740" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2705.json b/2005/2xxx/CVE-2005-2705.json index 0c87513aec0..64e6e1c72c6 100644 --- a/2005/2xxx/CVE-2005-2705.json +++ b/2005/2xxx/CVE-2005-2705.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=303213", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=303213" - }, - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-58.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-58.html" - }, - { - "name" : "DSA-868", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-868" - }, - { - "name" : "DSA-838", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-838" - }, - { - "name" : "DSA-866", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-866" - }, - { - "name" : "FLSA-2006:168375", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html" - }, - { - "name" : "MDKSA-2005:169", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:169" - }, - { - "name" : "MDKSA-2005:170", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:170" - }, - { - "name" : "MDKSA-2005:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174" - }, - { - "name" : "RHSA-2005:785", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-785.html" - }, - { - "name" : "RHSA-2005:789", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-789.html" - }, - { - "name" : "RHSA-2005:791", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-791.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "SUSE-SA:2005:058", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_58_mozilla.html" - }, - { - "name" : "USN-200-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-200-1" - }, - { - "name" : "14917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14917" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "oval:org.mitre.oval:def:10367", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10367" - }, - { - "name" : "ADV-2005-1824", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1824" - }, - { - "name" : "oval:org.mitre.oval:def:1307", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1307" - }, - { - "name" : "1014954", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014954" - }, - { - "name" : "16911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16911" - }, - { - "name" : "16917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16917" - }, - { - "name" : "17042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17042" - }, - { - "name" : "17090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17090" - }, - { - "name" : "17149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17149" - }, - { - "name" : "17284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17284" - }, - { - "name" : "17026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17026" - }, - { - "name" : "17263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17263" - }, - { - "name" : "16977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16977" - }, - { - "name" : "17014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17014" - }, - { - "name" : "mozilla-javascript-bo(22377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mozilla-javascript-bo(22377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22377" + }, + { + "name": "MDKSA-2005:169", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:169" + }, + { + "name": "DSA-868", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-868" + }, + { + "name": "ADV-2005-1824", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1824" + }, + { + "name": "FLSA-2006:168375", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "14917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14917" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "1014954", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014954" + }, + { + "name": "RHSA-2005:789", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-789.html" + }, + { + "name": "17026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17026" + }, + { + "name": "RHSA-2005:791", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-791.html" + }, + { + "name": "USN-200-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-200-1" + }, + { + "name": "17042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17042" + }, + { + "name": "DSA-866", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-866" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-58.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-58.html" + }, + { + "name": "17284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17284" + }, + { + "name": "17149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17149" + }, + { + "name": "17263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17263" + }, + { + "name": "16917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16917" + }, + { + "name": "DSA-838", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-838" + }, + { + "name": "17014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17014" + }, + { + "name": "RHSA-2005:785", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-785.html" + }, + { + "name": "SUSE-SA:2005:058", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_58_mozilla.html" + }, + { + "name": "MDKSA-2005:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174" + }, + { + "name": "17090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17090" + }, + { + "name": "16911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16911" + }, + { + "name": "oval:org.mitre.oval:def:1307", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1307" + }, + { + "name": "16977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16977" + }, + { + "name": "oval:org.mitre.oval:def:10367", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10367" + }, + { + "name": "MDKSA-2005:170", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:170" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=303213", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=303213" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2751.json b/2005/2xxx/CVE-2005-2751.json index 773f70dd55d..a3d8f174252 100644 --- a/2005/2xxx/CVE-2005-2751.json +++ b/2005/2xxx/CVE-2005-2751.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-10-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html" - }, - { - "name" : "15252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15252" - }, - { - "name" : "ADV-2005-2256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2256" - }, - { - "name" : "20429", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20429" - }, - { - "name" : "1015125", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015125" - }, - { - "name" : "17368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17368" - }, - { - "name" : "macos-memberd-unauthorized-access(44465)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macos-memberd-unauthorized-access(44465)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44465" + }, + { + "name": "ADV-2005-2256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2256" + }, + { + "name": "17368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17368" + }, + { + "name": "20429", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20429" + }, + { + "name": "APPLE-SA-2005-10-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html" + }, + { + "name": "15252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15252" + }, + { + "name": "1015125", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015125" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2885.json b/2005/2xxx/CVE-2005-2885.json index 18791d45d72..f1ddd28cadd 100644 --- a/2005/2xxx/CVE-2005-2885.json +++ b/2005/2xxx/CVE-2005-2885.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050906 MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112603835317458&w=2" - }, - { - "name" : "14750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14750" - }, - { - "name" : "16731", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16731/" - }, - { - "name" : "mdpro-extension-file-upload(22199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14750" + }, + { + "name": "16731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16731/" + }, + { + "name": "mdpro-extension-file-upload(22199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22199" + }, + { + "name": "20050906 MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112603835317458&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3419.json b/2005/3xxx/CVE-2005-3419.json index 3f2542e0085..1c46f016199 100644 --- a/2005/3xxx/CVE-2005-3419.json +++ b/2005/3xxx/CVE-2005-3419.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113081113317600&w=2" - }, - { - "name" : "http://www.hardened-php.net/advisory_172005.75.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_172005.75.html" - }, - { - "name" : "DSA-925", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-925" - }, - { - "name" : "15243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15243" - }, - { - "name" : "ADV-2005-2250", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2250" - }, - { - "name" : "20390", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20390" - }, - { - "name" : "1015121", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015121" - }, - { - "name" : "17366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17366" - }, - { - "name" : "18098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18098" - }, - { - "name" : "130", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2250", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2250" + }, + { + "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113081113317600&w=2" + }, + { + "name": "DSA-925", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-925" + }, + { + "name": "20390", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20390" + }, + { + "name": "17366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17366" + }, + { + "name": "130", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/130" + }, + { + "name": "18098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18098" + }, + { + "name": "http://www.hardened-php.net/advisory_172005.75.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_172005.75.html" + }, + { + "name": "1015121", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015121" + }, + { + "name": "15243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15243" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3520.json b/2005/3xxx/CVE-2005-3520.json index 265e835e81a..c1432b09724 100644 --- a/2005/3xxx/CVE-2005-3520.json +++ b/2005/3xxx/CVE-2005-3520.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051018 Secunia Research: MySource Cross-Site Scripting and File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112966933202769&w=2" - }, - { - "name" : "15132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15132" - }, - { - "name" : "ADV-2005-2132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2132" - }, - { - "name" : "20044", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20044" - }, - { - "name" : "20045", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20045" - }, - { - "name" : "20046", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20046" - }, - { - "name" : "20047", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20047" - }, - { - "name" : "20048", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20048" - }, - { - "name" : "20049", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20049" - }, - { - "name" : "20050", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20050" - }, - { - "name" : "1015075", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015075" - }, - { - "name" : "16946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16946/" - }, - { - "name" : "92", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/92" - }, - { - "name" : "mysource-multiple-scripts-xss(22771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/92" + }, + { + "name": "20047", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20047" + }, + { + "name": "20044", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20044" + }, + { + "name": "20051018 Secunia Research: MySource Cross-Site Scripting and File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112966933202769&w=2" + }, + { + "name": "20046", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20046" + }, + { + "name": "16946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16946/" + }, + { + "name": "20045", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20045" + }, + { + "name": "mysource-multiple-scripts-xss(22771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22771" + }, + { + "name": "ADV-2005-2132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2132" + }, + { + "name": "20049", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20049" + }, + { + "name": "1015075", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015075" + }, + { + "name": "20050", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20050" + }, + { + "name": "15132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15132" + }, + { + "name": "20048", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20048" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3729.json b/2005/3xxx/CVE-2005-3729.json index 621164d9380..29a42a8fcd5 100644 --- a/2005/3xxx/CVE-2005-3729.json +++ b/2005/3xxx/CVE-2005-3729.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html" - }, - { - "name" : "20921", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20921" - }, - { - "name" : "1015231", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015231" - }, - { - "name" : "17623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html" + }, + { + "name": "17623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17623" + }, + { + "name": "1015231", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015231" + }, + { + "name": "20921", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20921" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3774.json b/2005/3xxx/CVE-2005-3774.json index 7943e93a582..df9e2d77895 100644 --- a/2005/3xxx/CVE-2005-3774.json +++ b/2005/3xxx/CVE-2005-3774.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of \"meaningless data,\" or (3) a TTL that is one less than needed to reach the internal destination." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051122 Cisco PIX TCP Connection Prevention", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417458/30/0/threaded" - }, - { - "name" : "20051122 Cisco PIX TCP Connection Prevention", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html" - }, - { - "name" : "20051122 Cisco PIX TCP Connection Prevention", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html" - }, - { - "name" : "20060307 Cisco PIX embryonic state machine 1b data DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426989/100/0/threaded" - }, - { - "name" : "20060307 Cisco PIX embryonic state machine TTL(n-1) DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426991/100/0/threaded" - }, - { - "name" : "20060307 RE: Cisco PIX embryonic state machine 1b data DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427041/100/0/threaded" - }, - { - "name" : "20051128 Response to Cisco PIX TCP Connection Prevention", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml" - }, - { - "name" : "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html" - }, - { - "name" : "VU#853540", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/853540" - }, - { - "name" : "15525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15525" - }, - { - "name" : "ADV-2005-2546", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2546" - }, - { - "name" : "24140", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24140" - }, - { - "name" : "1015256", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015256" - }, - { - "name" : "17670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17670" - }, - { - "name" : "cisco-pix-tcp-data-field-dos(25077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25077" - }, - { - "name" : "cisco-pix-ttl-dos(25079)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of \"meaningless data,\" or (3) a TTL that is one less than needed to reach the internal destination." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015256", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015256" + }, + { + "name": "cisco-pix-ttl-dos(25079)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25079" + }, + { + "name": "cisco-pix-tcp-data-field-dos(25077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25077" + }, + { + "name": "24140", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24140" + }, + { + "name": "15525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15525" + }, + { + "name": "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html" + }, + { + "name": "20051122 Cisco PIX TCP Connection Prevention", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html" + }, + { + "name": "20060307 Cisco PIX embryonic state machine 1b data DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426989/100/0/threaded" + }, + { + "name": "20051128 Response to Cisco PIX TCP Connection Prevention", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml" + }, + { + "name": "20060307 Cisco PIX embryonic state machine TTL(n-1) DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426991/100/0/threaded" + }, + { + "name": "VU#853540", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/853540" + }, + { + "name": "17670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17670" + }, + { + "name": "20060307 RE: Cisco PIX embryonic state machine 1b data DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427041/100/0/threaded" + }, + { + "name": "ADV-2005-2546", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2546" + }, + { + "name": "20051122 Cisco PIX TCP Connection Prevention", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417458/30/0/threaded" + }, + { + "name": "20051122 Cisco PIX TCP Connection Prevention", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3852.json b/2005/3xxx/CVE-2005-3852.json index 809a4ae65a9..52cc6132126 100644 --- a/2005/3xxx/CVE-2005-3852.json +++ b/2005/3xxx/CVE-2005-3852.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/owos-lite-30-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/owos-lite-30-sql-inj.html" - }, - { - "name" : "ADV-2005-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2584" - }, - { - "name" : "21116", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21116" - }, - { - "name" : "17711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2584" + }, + { + "name": "21116", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21116" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/owos-lite-30-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/owos-lite-30-sql-inj.html" + }, + { + "name": "17711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17711" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5679.json b/2007/5xxx/CVE-2007-5679.json index fdc76d5594f..b59915eba45 100644 --- a/2007/5xxx/CVE-2007-5679.json +++ b/2007/5xxx/CVE-2007-5679.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071021 [Aria-Security.Net] dmcms.0.7.0 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2007-10/0315.html" - }, - { - "name" : "6250", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6250" - }, - { - "name" : "26169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26169/info" - }, - { - "name" : "ADV-2008-2411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2411" - }, - { - "name" : "dmcms-index-sql-injection(37337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37337" - }, - { - "name" : "dmcms-page-id-sql-injection(44506)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26169/info" + }, + { + "name": "20071021 [Aria-Security.Net] dmcms.0.7.0 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2007-10/0315.html" + }, + { + "name": "6250", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6250" + }, + { + "name": "dmcms-page-id-sql-injection(44506)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44506" + }, + { + "name": "dmcms-index-sql-injection(37337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37337" + }, + { + "name": "ADV-2008-2411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2411" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2048.json b/2009/2xxx/CVE-2009-2048.json index e77b741a8a3..7a26080b21b 100644 --- a/2009/2xxx/CVE-2009-2048.json +++ b/2009/2xxx/CVE-2009-2048.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-2048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090715 Vulnerabilities in Unified Contact Center Express Administration Pages", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml" - }, - { - "name" : "35705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35705" - }, - { - "name" : "55937", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55937" - }, - { - "name" : "1022569", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022569" - }, - { - "name" : "35861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35861" - }, - { - "name" : "ADV-2009-1913", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1913" - }, - { - "name" : "unified-ccx-interface-xss(51730)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022569", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022569" + }, + { + "name": "unified-ccx-interface-xss(51730)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51730" + }, + { + "name": "35861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35861" + }, + { + "name": "55937", + "refsource": "OSVDB", + "url": "http://osvdb.org/55937" + }, + { + "name": "ADV-2009-1913", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1913" + }, + { + "name": "35705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35705" + }, + { + "name": "20090715 Vulnerabilities in Unified Contact Center Express Administration Pages", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2143.json b/2009/2xxx/CVE-2009-2143.json index 2f26f70f457..9bb639bf07a 100644 --- a/2009/2xxx/CVE-2009-2143.json +++ b/2009/2xxx/CVE-2009-2143.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8945", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8945" - }, - { - "name" : "http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009", - "refsource" : "CONFIRM", - "url" : "http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009" - }, - { - "name" : "35400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009", + "refsource": "CONFIRM", + "url": "http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009" + }, + { + "name": "35400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35400" + }, + { + "name": "8945", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8945" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2193.json b/2009/2xxx/CVE-2009-2193.json index 8aba8eac608..2bd245068e2 100644 --- a/2009/2xxx/CVE-2009-2193.json +++ b/2009/2xxx/CVE-2009-2193.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3757", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3757" - }, - { - "name" : "APPLE-SA-2009-08-05-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" - }, - { - "name" : "TA09-218A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" - }, - { - "name" : "35954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35954" - }, - { - "name" : "56838", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56838" - }, - { - "name" : "1022674", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022674" - }, - { - "name" : "36096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36096" - }, - { - "name" : "ADV-2009-2172", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2172" - }, - { - "name" : "macosx-appletalk-kernel-bo(52435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3757", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3757" + }, + { + "name": "36096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36096" + }, + { + "name": "56838", + "refsource": "OSVDB", + "url": "http://osvdb.org/56838" + }, + { + "name": "APPLE-SA-2009-08-05-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" + }, + { + "name": "1022674", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022674" + }, + { + "name": "35954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35954" + }, + { + "name": "macosx-appletalk-kernel-bo(52435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52435" + }, + { + "name": "ADV-2009-2172", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2172" + }, + { + "name": "TA09-218A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2624.json b/2009/2xxx/CVE-2009-2624.json index 2106bb9a954..ce74dc4b484 100644 --- a/2009/2xxx/CVE-2009-2624.json +++ b/2009/2xxx/CVE-2009-2624.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-2624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[bug-gzip] 20091002 gzip-1.3.13 released [major]", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=514711", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=514711" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "DSA-1974", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1974" - }, - { - "name" : "MDVSA-2010:020", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020" - }, - { - "name" : "SUSE-SA:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" - }, - { - "name" : "USN-889-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-889-1" - }, - { - "name" : "38132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38132" - }, - { - "name" : "38223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38223" - }, - { - "name" : "38232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38232" - }, - { - "name" : "ADV-2010-0185", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "ADV-2010-0185", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0185" + }, + { + "name": "USN-889-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-889-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=514711", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514711" + }, + { + "name": "[bug-gzip] 20091002 gzip-1.3.13 released [major]", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "DSA-1974", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1974" + }, + { + "name": "MDVSA-2010:020", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:020" + }, + { + "name": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2" + }, + { + "name": "38223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38223" + }, + { + "name": "38132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38132" + }, + { + "name": "SUSE-SA:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" + }, + { + "name": "38232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38232" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2688.json b/2009/2xxx/CVE-2009-2688.json index f7219ef057f..8c1ea40aa17 100644 --- a/2009/2xxx/CVE-2009-2688.json +++ b/2009/2xxx/CVE-2009-2688.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tracker.xemacs.org/XEmacs/its/issue534", - "refsource" : "MISC", - "url" : "http://tracker.xemacs.org/XEmacs/its/issue534" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=275397", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=275397" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=511994", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=511994" - }, - { - "name" : "35473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35473" - }, - { - "name" : "55298", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55298" - }, - { - "name" : "35348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35348" - }, - { - "name" : "ADV-2009-1666", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1666" - }, - { - "name" : "xemacs-jpeg-bo(51334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51334" - }, - { - "name" : "xemacs-png-bo(51333)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51333" - }, - { - "name" : "xemacs-tiff-bo(51332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35348" + }, + { + "name": "xemacs-jpeg-bo(51334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51334" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=275397", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=275397" + }, + { + "name": "http://tracker.xemacs.org/XEmacs/its/issue534", + "refsource": "MISC", + "url": "http://tracker.xemacs.org/XEmacs/its/issue534" + }, + { + "name": "35473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35473" + }, + { + "name": "ADV-2009-1666", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1666" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=511994", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511994" + }, + { + "name": "55298", + "refsource": "OSVDB", + "url": "http://osvdb.org/55298" + }, + { + "name": "xemacs-tiff-bo(51332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51332" + }, + { + "name": "xemacs-png-bo(51333)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51333" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3623.json b/2009/3xxx/CVE-2009-3623.json index 7fa04c60568..e6d1afdba4a 100644 --- a/2009/3xxx/CVE-2009-3623.json +++ b/2009/3xxx/CVE-2009-3623.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091022 CVE request: kernel: nfsd4: fix null dereference creating nfsv4 callback client", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125618753029631&w=2" - }, - { - "name" : "[oss-security] 20091022 Re: CVE request: kernel: nfsd4: fix null dereference creating nfsv4 callback client", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125624036516377&w=2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80fc015bdfe1f5b870c1e1ee02d78e709523fee7", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80fc015bdfe1f5b870c1e1ee02d78e709523fee7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=886e3b7fe6054230c89ae078a09565ed183ecc73", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=886e3b7fe6054230c89ae078a09565ed183ecc73" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=530269", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=530269" - }, - { - "name" : "USN-864-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-864-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=886e3b7fe6054230c89ae078a09565ed183ecc73", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=886e3b7fe6054230c89ae078a09565ed183ecc73" + }, + { + "name": "USN-864-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-864-1" + }, + { + "name": "[oss-security] 20091022 CVE request: kernel: nfsd4: fix null dereference creating nfsv4 callback client", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125618753029631&w=2" + }, + { + "name": "[oss-security] 20091022 Re: CVE request: kernel: nfsd4: fix null dereference creating nfsv4 callback client", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125624036516377&w=2" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=530269", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530269" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80fc015bdfe1f5b870c1e1ee02d78e709523fee7", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80fc015bdfe1f5b870c1e1ee02d78e709523fee7" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3817.json b/2009/3xxx/CVE-2009-3817.json index 6b4975c6d27..aaebdd1fbf0 100644 --- a/2009/3xxx/CVE-2009-3817.json +++ b/2009/3xxx/CVE-2009-3817.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/36732/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/36732/exploit" - }, - { - "name" : "36732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36732" - }, - { - "name" : "ADV-2009-2969", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/bid/36732/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/36732/exploit" + }, + { + "name": "ADV-2009-2969", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2969" + }, + { + "name": "36732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36732" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3825.json b/2009/3xxx/CVE-2009-3825.json index 881a34a98ec..f8ec9387a2c 100644 --- a/2009/3xxx/CVE-2009-3825.json +++ b/2009/3xxx/CVE-2009-3825.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9103", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9103" - }, - { - "name" : "gencms-show-file-include(51653)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gencms-show-file-include(51653)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51653" + }, + { + "name": "9103", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9103" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3973.json b/2009/3xxx/CVE-2009-3973.json index ce6c9c1e9c9..7f3df62e8b7 100644 --- a/2009/3xxx/CVE-2009-3973.json +++ b/2009/3xxx/CVE-2009-3973.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9511", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9511" - }, - { - "name" : "36129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36129" - }, - { - "name" : "ADV-2009-2408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36129" + }, + { + "name": "ADV-2009-2408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2408" + }, + { + "name": "9511", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9511" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0030.json b/2015/0xxx/CVE-2015-0030.json index 651e91a8c5e..aec6c52eb92 100644 --- a/2015/0xxx/CVE-2015-0030.json +++ b/2015/0xxx/CVE-2015-0030.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72444" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72444" + }, + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0652.json b/2015/0xxx/CVE-2015-0652.json index a80742b97e1..87170e50804 100644 --- a/2015/0xxx/CVE-2015-0652.json +++ b/2015/0xxx/CVE-2015-0652.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150311 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs" - }, - { - "name" : "1031910", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031910", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031910" + }, + { + "name": "20150311 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0803.json b/2015/0xxx/CVE-2015-0803.json index 9f0d099680d..147113e4425 100644 --- a/2015/0xxx/CVE-2015-0803.json +++ b/2015/0xxx/CVE-2015-0803.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-39.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-39.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1134561", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1134561" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "openSUSE-SU-2015:0677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" - }, - { - "name" : "USN-2550-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2550-1" - }, - { - "name" : "1031996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031996" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-39.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-39.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1134561", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1134561" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2550-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2550-1" + }, + { + "name": "openSUSE-SU-2015:0677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0863.json b/2015/0xxx/CVE-2015-0863.json index f2e337e5be5..26b974cc18c 100644 --- a/2015/0xxx/CVE-2015-0863.json +++ b/2015/0xxx/CVE-2015-0863.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nowsecure.com/blog/2015/01/26/samsung-account-and-galaxy-apps-technical-breakdown-cve-2015-0863-and-cve-2015-0864/", - "refsource" : "MISC", - "url" : "https://www.nowsecure.com/blog/2015/01/26/samsung-account-and-galaxy-apps-technical-breakdown-cve-2015-0863-and-cve-2015-0864/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.nowsecure.com/blog/2015/01/26/samsung-account-and-galaxy-apps-technical-breakdown-cve-2015-0863-and-cve-2015-0864/", + "refsource": "MISC", + "url": "https://www.nowsecure.com/blog/2015/01/26/samsung-account-and-galaxy-apps-technical-breakdown-cve-2015-0863-and-cve-2015-0864/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1371.json b/2015/1xxx/CVE-2015-1371.json index 70ab362e792..58b4a93b5b9 100644 --- a/2015/1xxx/CVE-2015-1371.json +++ b/2015/1xxx/CVE-2015-1371.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150122 Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/98" - }, - { - "name" : "[oss-security] 20150123 CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/23/3" - }, - { - "name" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-10.html", - "refsource" : "MISC", - "url" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-10.html" - }, - { - "name" : "https://github.com/JRogaishio/ferretCMS/issues/63", - "refsource" : "CONFIRM", - "url" : "https://github.com/JRogaishio/ferretCMS/issues/63" - }, - { - "name" : "72287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JRogaishio/ferretCMS/issues/63", + "refsource": "CONFIRM", + "url": "https://github.com/JRogaishio/ferretCMS/issues/63" + }, + { + "name": "72287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72287" + }, + { + "name": "[oss-security] 20150123 CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/23/3" + }, + { + "name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-10.html", + "refsource": "MISC", + "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-10.html" + }, + { + "name": "20150122 Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/98" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1429.json b/2015/1xxx/CVE-2015-1429.json index c56fb4ab4ec..eb2a666a635 100644 --- a/2015/1xxx/CVE-2015-1429.json +++ b/2015/1xxx/CVE-2015-1429.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.perspectiverisk.com/security-advisory-thinfinity-remote-desktop-workstation-directory-traversal/", - "refsource" : "MISC", - "url" : "https://www.perspectiverisk.com/security-advisory-thinfinity-remote-desktop-workstation-directory-traversal/" - }, - { - "name" : "http://www.cybelesoft.com/blog/index.php/cybele-software-inc-security-bulletin-2", - "refsource" : "CONFIRM", - "url" : "http://www.cybelesoft.com/blog/index.php/cybele-software-inc-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cybelesoft.com/blog/index.php/cybele-software-inc-security-bulletin-2", + "refsource": "CONFIRM", + "url": "http://www.cybelesoft.com/blog/index.php/cybele-software-inc-security-bulletin-2" + }, + { + "name": "https://www.perspectiverisk.com/security-advisory-thinfinity-remote-desktop-workstation-directory-traversal/", + "refsource": "MISC", + "url": "https://www.perspectiverisk.com/security-advisory-thinfinity-remote-desktop-workstation-directory-traversal/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1454.json b/2015/1xxx/CVE-2015-1454.json index 6d90927195c..06306f2038d 100644 --- a/2015/1xxx/CVE-2015-1454.json +++ b/2015/1xxx/CVE-2015-1454.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bto.bluecoat.com/security-advisory/sa89", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa89" - }, - { - "name" : "62617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bto.bluecoat.com/security-advisory/sa89", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa89" + }, + { + "name": "62617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62617" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4059.json b/2015/4xxx/CVE-2015-4059.json index 9293a7b27f2..cac01306850 100644 --- a/2015/4xxx/CVE-2015-4059.json +++ b/2015/4xxx/CVE-2015-4059.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-245/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-245/" - }, - { - "name" : "74860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-245/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-245/" + }, + { + "name": "74860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74860" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4243.json b/2015/4xxx/CVE-2015-4243.json index 270c2996c02..8ca36b7aad4 100644 --- a/2015/4xxx/CVE-2015-4243.json +++ b/2015/4xxx/CVE-2015-4243.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150707 Cisco IOS XE for Cisco 1000 Series ASR Routers Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39675" - }, - { - "name" : "1032805", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032805", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032805" + }, + { + "name": "20150707 Cisco IOS XE for Cisco 1000 Series ASR Routers Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39675" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4476.json b/2015/4xxx/CVE-2015-4476.json index ebe2dd2c0e0..d6dbc36d292 100644 --- a/2015/4xxx/CVE-2015-4476.json +++ b/2015/4xxx/CVE-2015-4476.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-99.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-99.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1162372", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1162372" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "openSUSE-SU-2015:1658", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" - }, - { - "name" : "76815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76815" - }, - { - "name" : "1033640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1162372", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1162372" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "76815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76815" + }, + { + "name": "1033640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033640" + }, + { + "name": "openSUSE-SU-2015:1658", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-99.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-99.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4807.json b/2015/4xxx/CVE-2015-4807.json index d648f9579b3..e8334ac3d3d 100644 --- a/2015/4xxx/CVE-2015-4807.json +++ b/2015/4xxx/CVE-2015-4807.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "FEDORA-2016-e30164d0a2", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html" - }, - { - "name" : "SUSE-SU-2016:0296", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html" - }, - { - "name" : "openSUSE-SU-2016:0368", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html" - }, - { - "name" : "openSUSE-SU-2015:2244", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:2246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html" - }, - { - "name" : "77205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77205" - }, - { - "name" : "1033894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2244", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html" + }, + { + "name": "1033894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033894" + }, + { + "name": "SUSE-SU-2016:0296", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "77205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77205" + }, + { + "name": "openSUSE-SU-2015:2246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "openSUSE-SU-2016:0368", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html" + }, + { + "name": "FEDORA-2016-e30164d0a2", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4839.json b/2015/4xxx/CVE-2015-4839.json index de5ebeaee04..68169c6e807 100644 --- a/2015/4xxx/CVE-2015-4839.json +++ b/2015/4xxx/CVE-2015-4839.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4798." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "77255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77255" - }, - { - "name" : "1033877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4798." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033877" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "77255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77255" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8345.json b/2015/8xxx/CVE-2015-8345.json index fa02874848b..047b43142f9 100644 --- a/2015/8xxx/CVE-2015-8345.json +++ b/2015/8xxx/CVE-2015-8345.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151125 Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/25/11" - }, - { - "name" : "[qemu-devel] 20151016 [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same comman", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html" - }, - { - "name" : "DSA-3469", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3469" - }, - { - "name" : "DSA-3470", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3470" - }, - { - "name" : "DSA-3471", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3471" - }, - { - "name" : "GLSA-201602-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201602-01" - }, - { - "name" : "77985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77985" + }, + { + "name": "[oss-security] 20151125 Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/25/11" + }, + { + "name": "DSA-3469", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3469" + }, + { + "name": "DSA-3470", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3470" + }, + { + "name": "[qemu-devel] 20151016 [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same comman", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html" + }, + { + "name": "DSA-3471", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3471" + }, + { + "name": "GLSA-201602-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201602-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8581.json b/2015/8xxx/CVE-2015-8581.json index eb26c7f7668..d1b9052ca66 100644 --- a/2015/8xxx/CVE-2015-8581.json +++ b/2015/8xxx/CVE-2015-8581.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8581", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0779. Reason: This candidate is a duplicate of CVE-2016-0779. Notes: All CVE users should reference CVE-2016-0779 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8581", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0779. Reason: This candidate is a duplicate of CVE-2016-0779. Notes: All CVE users should reference CVE-2016-0779 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8895.json b/2015/8xxx/CVE-2015-8895.json index eeaab12314f..eb145f2a4d3 100644 --- a/2015/8xxx/CVE-2015-8895.json +++ b/2015/8xxx/CVE-2015-8895.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160602 Re: ImageMagick CVEs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "RHSA-2016:1237", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1237" - }, - { - "name" : "91025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1237", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1237" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747" + }, + { + "name": "91025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91025" + }, + { + "name": "[oss-security] 20160602 Re: ImageMagick CVEs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8920.json b/2015/8xxx/CVE-2015-8920.json index 9b428959f4b..0f9cde94509 100644 --- a/2015/8xxx/CVE-2015-8920.json +++ b/2015/8xxx/CVE-2015-8920.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160617 Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/2" - }, - { - "name" : "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/5" - }, - { - "name" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" - }, - { - "name" : "https://github.com/libarchive/libarchive/issues/511", - "refsource" : "CONFIRM", - "url" : "https://github.com/libarchive/libarchive/issues/511" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3657", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3657" - }, - { - "name" : "GLSA-201701-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-03" - }, - { - "name" : "RHSA-2016:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1844.html" - }, - { - "name" : "RHSA-2016:1850", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1850.html" - }, - { - "name" : "SUSE-SU-2016:1909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html" - }, - { - "name" : "USN-3033-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3033-1" - }, - { - "name" : "91301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91301" + }, + { + "name": "USN-3033-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3033-1" + }, + { + "name": "RHSA-2016:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html" + }, + { + "name": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "SUSE-SU-2016:1909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html" + }, + { + "name": "https://github.com/libarchive/libarchive/issues/511", + "refsource": "CONFIRM", + "url": "https://github.com/libarchive/libarchive/issues/511" + }, + { + "name": "RHSA-2016:1850", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1850.html" + }, + { + "name": "[oss-security] 20160617 Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/2" + }, + { + "name": "GLSA-201701-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-03" + }, + { + "name": "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/5" + }, + { + "name": "DSA-3657", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3657" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9175.json b/2015/9xxx/CVE-2015-9175.json index d10da7b6868..7956c2288bc 100644 --- a/2015/9xxx/CVE-2015-9175.json +++ b/2015/9xxx/CVE-2015-9175.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation could lead to an untrusted pointer dereference in wv_dash_core_generic_verify()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted pointer dereference in QTEE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation could lead to an untrusted pointer dereference in wv_dash_core_generic_verify()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted pointer dereference in QTEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9273.json b/2015/9xxx/CVE-2015-9273.json index 83c55117700..7f92889b6b5 100644 --- a/2015/9xxx/CVE-2015-9273.json +++ b/2015/9xxx/CVE-2015-9273.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6.1/readme.txt", - "refsource" : "MISC", - "url" : "http://plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6.1/readme.txt" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/1204104", - "refsource" : "MISC", - "url" : "https://plugins.trac.wordpress.org/changeset/1204104" - }, - { - "name" : "https://www.openwall.com/lists/oss-security/2015/07/30/1", - "refsource" : "MISC", - "url" : "https://www.openwall.com/lists/oss-security/2015/07/30/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openwall.com/lists/oss-security/2015/07/30/1", + "refsource": "MISC", + "url": "https://www.openwall.com/lists/oss-security/2015/07/30/1" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1204104", + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset/1204104" + }, + { + "name": "http://plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6.1/readme.txt", + "refsource": "MISC", + "url": "http://plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6.1/readme.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5821.json b/2016/5xxx/CVE-2016-5821.json index 4729fad31c2..8390af05d4e 100644 --- a/2016/5xxx/CVE-2016-5821.json +++ b/2016/5xxx/CVE-2016-5821.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160629 BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538797/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html" - }, - { - "name" : "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/", - "refsource" : "MISC", - "url" : "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/" - }, - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en" - }, - { - "name" : "91418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/", + "refsource": "MISC", + "url": "https://labs.bluefrostsecurity.de/advisories/bfs-sa-2016-003/" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160624-01-hisuite-en" + }, + { + "name": "20160629 BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538797/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137733/Huawei-HiSuite-For-Windows-4.0.3.301-Privilege-Escalation.html" + }, + { + "name": "91418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91418" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5953.json b/2016/5xxx/CVE-2016-5953.json index bb0b56c4bf0..20be3a92e17 100644 --- a/2016/5xxx/CVE-2016-5953.json +++ b/2016/5xxx/CVE-2016-5953.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-5953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling Order Management", - "version" : { - "version_data" : [ - { - "version_value" : "8.5" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.2" - }, - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.3" - }, - { - "version_value" : "9.4" - }, - { - "version_value" : "9.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-5953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling Order Management", + "version": { + "version_data": [ + { + "version_value": "8.5" + }, + { + "version_value": "8.0" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.2" + }, + { + "version_value": "9.2.1" + }, + { + "version_value": "9.3" + }, + { + "version_value": "9.4" + }, + { + "version_value": "9.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21994521", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21994521" - }, - { - "name" : "95431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21994521", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21994521" + }, + { + "name": "95431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95431" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2476.json b/2018/2xxx/CVE-2018-2476.json index 68f80a411e9..3b5f5826244 100644 --- a/2018/2xxx/CVE-2018-2476.json +++ b/2018/2xxx/CVE-2018-2476.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2018-2476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP NetWeaver (forums)", - "version" : { - "version_data" : [ - { - "version_name" : "=", - "version_value" : "7.30" - }, - { - "version_name" : "=", - "version_value" : "7.31" - }, - { - "version_name" : "=", - "version_value" : "7.40" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "URL Redirection" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2018-2476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver (forums)", + "version": { + "version_data": [ + { + "version_name": "=", + "version_value": "7.30" + }, + { + "version_name": "=", + "version_value": "7.31" + }, + { + "version_name": "=", + "version_value": "7.40" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2658755", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2658755" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" - }, - { - "name" : "105898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105898" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Redirection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2658755", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2658755" + }, + { + "name": "105898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105898" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2785.json b/2018/2xxx/CVE-2018-2785.json index c28d5ebbbd0..d6a22cdd0c0 100644 --- a/2018/2xxx/CVE-2018-2785.json +++ b/2018/2xxx/CVE-2018-2785.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103897" - }, - { - "name" : "1040701", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103897" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "1040701", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040701" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2803.json b/2018/2xxx/CVE-2018-2803.json index 66e96806fb3..a40d3bda232 100644 --- a/2018/2xxx/CVE-2018-2803.json +++ b/2018/2xxx/CVE-2018-2803.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Reporting and Analytics", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Reporting and Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103912" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2962.json b/2018/2xxx/CVE-2018-2962.json index f1199a93e9f..9b5418f437d 100644 --- a/2018/2xxx/CVE-2018-2962.json +++ b/2018/2xxx/CVE-2018-2962.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Primavera P6 Enterprise Project Portfolio Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.4" - }, - { - "version_affected" : "=", - "version_value" : "15.x" - }, - { - "version_affected" : "=", - "version_value" : "16.x" - }, - { - "version_affected" : "=", - "version_value" : "17.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.4" + }, + { + "version_affected": "=", + "version_value": "15.x" + }, + { + "version_affected": "=", + "version_value": "16.x" + }, + { + "version_affected": "=", + "version_value": "17.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104826" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3465.json b/2018/3xxx/CVE-2018-3465.json index 42f848379c6..67d98f6d23d 100644 --- a/2018/3xxx/CVE-2018-3465.json +++ b/2018/3xxx/CVE-2018-3465.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3465", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3465", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6358.json b/2018/6xxx/CVE-2018-6358.json index fcbd27d1cbc..7bd2827b3ef 100644 --- a/2018/6xxx/CVE-2018-6358.json +++ b/2018/6xxx/CVE-2018-6358.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180409 [SECURITY] [DLA 1343-1] ming security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00008.html" - }, - { - "name" : "https://github.com/libming/libming/issues/104", - "refsource" : "CONFIRM", - "url" : "https://github.com/libming/libming/issues/104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180409 [SECURITY] [DLA 1343-1] ming security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00008.html" + }, + { + "name": "https://github.com/libming/libming/issues/104", + "refsource": "CONFIRM", + "url": "https://github.com/libming/libming/issues/104" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6501.json b/2018/6xxx/CVE-2018-6501.json index 1c3ed6ebe0e..209bf50bc38 100644 --- a/2018/6xxx/CVE-2018-6501.json +++ b/2018/6xxx/CVE-2018-6501.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2018-6501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2018-6501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6918.json b/2018/6xxx/CVE-2018-6918.json index 2d3ead47dd1..be9ca774590 100644 --- a/2018/6xxx/CVE-2018-6918.json +++ b/2018/6xxx/CVE-2018-6918.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "DATE_PUBLIC" : "2018-04-04T00:00:00", - "ID" : "CVE-2018-6918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "All supported versions of FreeBSD." - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Kernel crash or denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "DATE_PUBLIC": "2018-04-04T00:00:00", + "ID": "CVE-2018-6918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "All supported versions of FreeBSD." + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-18:05", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc" - }, - { - "name" : "103666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103666" - }, - { - "name" : "1040628", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Kernel crash or denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040628", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040628" + }, + { + "name": "FreeBSD-SA-18:05", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc" + }, + { + "name": "103666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103666" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6919.json b/2018/6xxx/CVE-2018-6919.json index 1537aa2f0d6..4149655b599 100644 --- a/2018/6xxx/CVE-2018-6919.json +++ b/2018/6xxx/CVE-2018-6919.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "DATE_PUBLIC" : "2018-04-04T00:00:00", - "ID" : "CVE-2018-6919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "All supported versions of FreeBSD." - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Kernel memory disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "DATE_PUBLIC": "2018-04-04T00:00:00", + "ID": "CVE-2018-6919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "All supported versions of FreeBSD." + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc", - "refsource" : "CONFIRM", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc" - }, - { - "name" : "103760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Kernel memory disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103760" + }, + { + "name": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc", + "refsource": "CONFIRM", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7028.json b/2018/7xxx/CVE-2018-7028.json index 105e3079040..8182ca4c96f 100644 --- a/2018/7xxx/CVE-2018-7028.json +++ b/2018/7xxx/CVE-2018-7028.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7028", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7028", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7221.json b/2018/7xxx/CVE-2018-7221.json index 665fe556b49..b2bfd5d4ae9 100644 --- a/2018/7xxx/CVE-2018-7221.json +++ b/2018/7xxx/CVE-2018-7221.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7221", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7221", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7543.json b/2018/7xxx/CVE-2018-7543.json index 30c4b264246..f2e55faad81 100644 --- a/2018/7xxx/CVE-2018-7543.json +++ b/2018/7xxx/CVE-2018-7543.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44288", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44288/" - }, - { - "name" : "https://snapcreek.com/duplicator/docs/changelog/?lite", - "refsource" : "CONFIRM", - "url" : "https://snapcreek.com/duplicator/docs/changelog/?lite" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://snapcreek.com/duplicator/docs/changelog/?lite", + "refsource": "CONFIRM", + "url": "https://snapcreek.com/duplicator/docs/changelog/?lite" + }, + { + "name": "44288", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44288/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7556.json b/2018/7xxx/CVE-2018-7556.json index 7923b8db8be..2ae63d91122 100644 --- a/2018/7xxx/CVE-2018-7556.json +++ b/2018/7xxx/CVE-2018-7556.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.limesurvey.org/about-us/news/2075-limesurvey-security-advisory-02-2018", - "refsource" : "CONFIRM", - "url" : "https://www.limesurvey.org/about-us/news/2075-limesurvey-security-advisory-02-2018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.limesurvey.org/about-us/news/2075-limesurvey-security-advisory-02-2018", + "refsource": "CONFIRM", + "url": "https://www.limesurvey.org/about-us/news/2075-limesurvey-security-advisory-02-2018" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7697.json b/2018/7xxx/CVE-2018-7697.json index e15e00e24d2..2852f086baf 100644 --- a/2018/7xxx/CVE-2018-7697.json +++ b/2018/7xxx/CVE-2018-7697.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7697", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7697", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5078.json b/2019/5xxx/CVE-2019-5078.json index 0a6c5282361..7f3307d96a7 100644 --- a/2019/5xxx/CVE-2019-5078.json +++ b/2019/5xxx/CVE-2019-5078.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5078", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5078", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5256.json b/2019/5xxx/CVE-2019-5256.json index 427c09e0dac..f5d5635baca 100644 --- a/2019/5xxx/CVE-2019-5256.json +++ b/2019/5xxx/CVE-2019-5256.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5256", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5256", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5477.json b/2019/5xxx/CVE-2019-5477.json index eb86ac3ce12..a7fddc9ac90 100644 --- a/2019/5xxx/CVE-2019-5477.json +++ b/2019/5xxx/CVE-2019-5477.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5477", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5477", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5650.json b/2019/5xxx/CVE-2019-5650.json index 0cde6716517..85cfc97c859 100644 --- a/2019/5xxx/CVE-2019-5650.json +++ b/2019/5xxx/CVE-2019-5650.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5650", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5650", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5863.json b/2019/5xxx/CVE-2019-5863.json index 63b30a7dece..846ab49c196 100644 --- a/2019/5xxx/CVE-2019-5863.json +++ b/2019/5xxx/CVE-2019-5863.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5863", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5863", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file