diff --git a/2005/0xxx/CVE-2005-0286.json b/2005/0xxx/CVE-2005-0286.json index 1604cd4595b..f60484d425c 100644 --- a/2005/0xxx/CVE-2005-0286.json +++ b/2005/0xxx/CVE-2005-0286.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050110 Portcullis Security Advisory 05-004", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110547824902053&w=2" - }, - { - "name" : "12236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12236" - }, - { - "name" : "1012855", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012855" - }, - { - "name" : "13820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13820" - }, - { - "name" : "mediapartner-bhtml-source-disclosure(18861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12236" + }, + { + "name": "13820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13820" + }, + { + "name": "1012855", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012855" + }, + { + "name": "20050110 Portcullis Security Advisory 05-004", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110547824902053&w=2" + }, + { + "name": "mediapartner-bhtml-source-disclosure(18861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18861" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0302.json b/2005/0xxx/CVE-2005-0302.json index ecc51b27036..69b9e9bc38b 100644 --- a/2005/0xxx/CVE-2005-0302.json +++ b/2005/0xxx/CVE-2005-0302.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050121 bug report comersus Back Office Lite 6.0 and 6.0.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110636597832556&w=2" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html" - }, - { - "name" : "backoffice-lite-sql-injection(19013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050121 bug report comersus Back Office Lite 6.0 and 6.0.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110636597832556&w=2" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html" + }, + { + "name": "backoffice-lite-sql-injection(19013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19013" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0465.json b/2005/0xxx/CVE-2005-0465.json index 42535a9f06d..ff5a945ecba 100644 --- a/2005/0xxx/CVE-2005-0465.json +++ b/2005/0xxx/CVE-2005-0465.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050407 SGI IRIX gr_osview File Overwrite Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=225&type=vulnerabilities" - }, - { - "name" : "20050402-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20050402-01-P" - }, - { - "name" : "1013662", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013662" - }, - { - "name" : "14875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013662", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013662" + }, + { + "name": "20050402-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20050402-01-P" + }, + { + "name": "20050407 SGI IRIX gr_osview File Overwrite Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=225&type=vulnerabilities" + }, + { + "name": "14875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14875" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0543.json b/2005/0xxx/CVE-2005-0543.json index 9e6142665ef..3720f788e00 100644 --- a/2005/0xxx/CVE-2005-0543.json +++ b/2005/0xxx/CVE-2005-0543.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110929725801154&w=2" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408" - }, - { - "name" : "GLSA-200503-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml" - }, - { - "name" : "12644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12644" - }, - { - "name" : "14382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14382" - }, - { - "name" : "phpmyadmin-multiple-php-xss(19462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14382" + }, + { + "name": "phpmyadmin-multiple-php-xss(19462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19462" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408" + }, + { + "name": "12644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12644" + }, + { + "name": "GLSA-200503-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml" + }, + { + "name": "20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110929725801154&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0829.json b/2005/0xxx/CVE-2005-0829.json index 72f35cb9cbf..3a53f15443e 100644 --- a/2005/0xxx/CVE-2005-0829.json +++ b/2005/0xxx/CVE-2005-0829.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050319 [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111125692513645&w=2" - }, - { - "name" : "20050319 Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111142752220155&w=2" - }, - { - "name" : "20050319 Re: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111142918711745&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050319 [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111125692513645&w=2" + }, + { + "name": "20050319 Re: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111142918711745&w=2" + }, + { + "name": "20050319 Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111142752220155&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1470.json b/2005/1xxx/CVE-2005-1470.json index 0da1d4411d7..32d108312a7 100644 --- a/2005/1xxx/CVE-2005-1470.json +++ b/2005/1xxx/CVE-2005-1470.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html" - }, - { - "name" : "http://www.ethereal.com/news/item_20050504_01.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/news/item_20050504_01.html" - }, - { - "name" : "CLSA-2005:963", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "RHSA-2005:427", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-427.html" - }, - { - "name" : "13504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13504" - }, - { - "name" : "oval:org.mitre.oval:def:11804", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13504" + }, + { + "name": "RHSA-2005:427", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-427.html" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00019.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00019.html" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "CLSA-2005:963", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" + }, + { + "name": "http://www.ethereal.com/news/item_20050504_01.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/news/item_20050504_01.html" + }, + { + "name": "oval:org.mitre.oval:def:11804", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11804" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1637.json b/2005/1xxx/CVE-2005-1637.json index 97c956848d2..99eb4831ef1 100644 --- a/2005/1xxx/CVE-2005-1637.json +++ b/2005/1xxx/CVE-2005-1637.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.npds.org/article.php?sid=1258", - "refsource" : "CONFIRM", - "url" : "http://www.npds.org/article.php?sid=1258" - }, - { - "name" : "1013973", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.npds.org/article.php?sid=1258", + "refsource": "CONFIRM", + "url": "http://www.npds.org/article.php?sid=1258" + }, + { + "name": "1013973", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013973" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3605.json b/2005/3xxx/CVE-2005-3605.json index 93b456b40e5..989be07a470 100644 --- a/2005/3xxx/CVE-2005-3605.json +++ b/2005/3xxx/CVE-2005-3605.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3605", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3605", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4071.json b/2005/4xxx/CVE-2005-4071.json index aceba188e83..179e4d1ae50 100644 --- a/2005/4xxx/CVE-2005-4071.json +++ b/2005/4xxx/CVE-2005-4071.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html" - }, - { - "name" : "15774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15774" - }, - { - "name" : "ADV-2005-2794", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2794" - }, - { - "name" : "21501", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21501" - }, - { - "name" : "21502", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21502" - }, - { - "name" : "17935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17935" - }, - { - "name" : "magicforumpersonal-viewforum-sql-injection(23514)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "magicforumpersonal-viewforum-sql-injection(23514)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23514" + }, + { + "name": "ADV-2005-2794", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2794" + }, + { + "name": "17935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17935" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html" + }, + { + "name": "15774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15774" + }, + { + "name": "21501", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21501" + }, + { + "name": "21502", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21502" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4718.json b/2005/4xxx/CVE-2005-4718.json index 5cdbdcc94b0..9ff89ec4d09 100644 --- a/2005/4xxx/CVE-2005-4718.json +++ b/2005/4xxx/CVE-2005-4718.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a \"content: url(0);\" style attribute, a \"bodyA\" tag, a long string, and a \"u\" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a \"margin:-99;\" STYLE attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5054", - "refsource" : "MISC", - "url" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5054" - }, - { - "name" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5055", - "refsource" : "MISC", - "url" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5055" - }, - { - "name" : "1015067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a \"content: url(0);\" style attribute, a \"bodyA\" tag, a long string, and a \"u\" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a \"margin:-99;\" STYLE attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015067" + }, + { + "name": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5055", + "refsource": "MISC", + "url": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5055" + }, + { + "name": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5054", + "refsource": "MISC", + "url": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5054" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4884.json b/2005/4xxx/CVE-2005-4884.json index 3289a5233b2..97d21ceeb3f 100644 --- a/2005/4xxx/CVE-2005-4884.json +++ b/2005/4xxx/CVE-2005-4884.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to affect availability via unknown vectors, aka DB02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to affect availability via unknown vectors, aka DB02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0298.json b/2009/0xxx/CVE-2009-0298.json index 08d49b49965..49cd6a0ae53 100644 --- a/2009/0xxx/CVE-2009-0298.json +++ b/2009/0xxx/CVE-2009-0298.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7869", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7869" - }, - { - "name" : "33451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33451" - }, - { - "name" : "33663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33663" + }, + { + "name": "33451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33451" + }, + { + "name": "7869", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7869" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0629.json b/2009/0xxx/CVE-2009-0629.json index 94ff2ad2dab..1df6d359960 100644 --- a/2009/0xxx/CVE-2009-0629.json +++ b/2009/0xxx/CVE-2009-0629.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-0629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml" - }, - { - "name" : "20090325 Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904cb.shtml" - }, - { - "name" : "34238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34238" - }, - { - "name" : "1021903", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021903" - }, - { - "name" : "34438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34438" - }, - { - "name" : "ADV-2009-0851", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0851" - }, - { - "name" : "ios-tcp-dos(49420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090325 Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904cb.shtml" + }, + { + "name": "1021903", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021903" + }, + { + "name": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml" + }, + { + "name": "ios-tcp-dos(49420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49420" + }, + { + "name": "34438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34438" + }, + { + "name": "34238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34238" + }, + { + "name": "ADV-2009-0851", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0851" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0893.json b/2009/0xxx/CVE-2009-0893.json index 1a162317d71..35760bbc3cd 100644 --- a/2009/0xxx/CVE-2009-0893.json +++ b/2009/0xxx/CVE-2009-0893.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file that triggers heap memory corruption, related to a \"missing resync marker range check\" and the (1) decoder_iframe, (2) decoder_pframe, and (3) decoder_bframe functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4634&selyear=2009&menutype=menupublic", - "refsource" : "MISC", - "url" : "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4634&selyear=2009&menutype=menupublic" - }, - { - "name" : "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c", - "refsource" : "CONFIRM", - "url" : "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c" - }, - { - "name" : "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81", - "refsource" : "CONFIRM", - "url" : "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81" - }, - { - "name" : "http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7", - "refsource" : "CONFIRM", - "url" : "http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7" - }, - { - "name" : "35156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35156" - }, - { - "name" : "35274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35274" - }, - { - "name" : "ADV-2009-1468", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file that triggers heap memory corruption, related to a \"missing resync marker range check\" and the (1) decoder_iframe, (2) decoder_pframe, and (3) decoder_bframe functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35274" + }, + { + "name": "ADV-2009-1468", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1468" + }, + { + "name": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4634&selyear=2009&menutype=menupublic", + "refsource": "MISC", + "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4634&selyear=2009&menutype=menupublic" + }, + { + "name": "35156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35156" + }, + { + "name": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c", + "refsource": "CONFIRM", + "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c" + }, + { + "name": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81", + "refsource": "CONFIRM", + "url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81" + }, + { + "name": "http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7", + "refsource": "CONFIRM", + "url": "http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0925.json b/2009/0xxx/CVE-2009-0925.json index ae8ac06177c..8eddbec1280 100644 --- a/2009/0xxx/CVE-2009-0925.json +++ b/2009/0xxx/CVE-2009-0925.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, and OpenSolaris snv_47 through snv_85, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6425723." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-103.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-103.htm" - }, - { - "name" : "254628", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254628-1" - }, - { - "name" : "34137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34137" - }, - { - "name" : "1021850", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021850" - }, - { - "name" : "34331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34331" - }, - { - "name" : "ADV-2009-0742", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0742" - }, - { - "name" : "ADV-2009-0876", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0876" - }, - { - "name" : "solaris-ufs-filesystem-sun4vdos(49282)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, and OpenSolaris snv_47 through snv_85, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6425723." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "254628", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254628-1" + }, + { + "name": "1021850", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021850" + }, + { + "name": "solaris-ufs-filesystem-sun4vdos(49282)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49282" + }, + { + "name": "ADV-2009-0742", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0742" + }, + { + "name": "34331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34331" + }, + { + "name": "34137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34137" + }, + { + "name": "ADV-2009-0876", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0876" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-103.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-103.htm" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1569.json b/2009/1xxx/CVE-2009-1569.json index 843a9230296..ff3d9e5c70d 100644 --- a/2009/1xxx/CVE-2009-1569.json +++ b/2009/1xxx/CVE-2009-1569.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-1569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091208 Secunia Research: Novell iPrint Client Date/Time Parsing Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508288/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-44/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-44/" - }, - { - "name" : "http://download.novell.com/Download?buildid=29T3EFRky18~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=29T3EFRky18~" - }, - { - "name" : "37242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37242" - }, - { - "name" : "35004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35004" - }, - { - "name" : "37169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37169" - }, - { - "name" : "ADV-2009-3429", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.novell.com/Download?buildid=29T3EFRky18~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=29T3EFRky18~" + }, + { + "name": "20091208 Secunia Research: Novell iPrint Client Date/Time Parsing Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508288/100/0/threaded" + }, + { + "name": "ADV-2009-3429", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3429" + }, + { + "name": "37242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37242" + }, + { + "name": "35004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35004" + }, + { + "name": "http://secunia.com/secunia_research/2009-44/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-44/" + }, + { + "name": "37169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37169" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1723.json b/2009/1xxx/CVE-2009-1723.json index 45013ddb58a..c4ec86ec376 100644 --- a/2009/1xxx/CVE-2009-1723.json +++ b/2009/1xxx/CVE-2009-1723.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3757", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3757" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2009-08-05-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "TA09-218A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" - }, - { - "name" : "35954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35954" - }, - { - "name" : "56846", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56846" - }, - { - "name" : "36096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36096" - }, - { - "name" : "ADV-2009-2172", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2172" - }, - { - "name" : "macosx-cfnetwork-weak-security(52418)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3757", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3757" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "36096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36096" + }, + { + "name": "macosx-cfnetwork-weak-security(52418)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52418" + }, + { + "name": "APPLE-SA-2009-08-05-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" + }, + { + "name": "35954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35954" + }, + { + "name": "56846", + "refsource": "OSVDB", + "url": "http://osvdb.org/56846" + }, + { + "name": "ADV-2009-2172", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2172" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "TA09-218A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1794.json b/2009/1xxx/CVE-2009-1794.json index 178ee5a8380..331aed6103d 100644 --- a/2009/1xxx/CVE-2009-1794.json +++ b/2009/1xxx/CVE-2009-1794.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1794", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1794", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3785.json b/2009/3xxx/CVE-2009-3785.json index 6627a08dce4..c99710bd28c 100644 --- a/2009/3xxx/CVE-2009-3785.json +++ b/2009/3xxx/CVE-2009-3785.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/590098", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/590098" - }, - { - "name" : "http://drupal.org/node/611002", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/611002" - }, - { - "name" : "36790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36790" - }, - { - "name" : "37128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37128" - }, - { - "name" : "simplenews-unspecified-csrf(53906)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37128" + }, + { + "name": "http://drupal.org/node/611002", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/611002" + }, + { + "name": "http://drupal.org/node/590098", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/590098" + }, + { + "name": "simplenews-unspecified-csrf(53906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53906" + }, + { + "name": "36790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36790" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3832.json b/2009/3xxx/CVE-2009-3832.json index 7840b69a3cd..37d9023a1bc 100644 --- a/2009/3xxx/CVE-2009-3832.json +++ b/2009/3xxx/CVE-2009-3832.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/windows/1001/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1001/" - }, - { - "name" : "http://www.opera.com/support/kb/view/940/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/940/" - }, - { - "name" : "36850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36850" - }, - { - "name" : "59359", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59359" - }, - { - "name" : "oval:org.mitre.oval:def:6384", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6384" - }, - { - "name" : "37182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37182" - }, - { - "name" : "ADV-2009-3073", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3073" - }, - { - "name" : "opera-web-fonts-spoofing(54022)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59359", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59359" + }, + { + "name": "ADV-2009-3073", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3073" + }, + { + "name": "http://www.opera.com/support/kb/view/940/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/940/" + }, + { + "name": "37182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37182" + }, + { + "name": "36850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36850" + }, + { + "name": "opera-web-fonts-spoofing(54022)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54022" + }, + { + "name": "oval:org.mitre.oval:def:6384", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6384" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1001/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1001/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4245.json b/2009/4xxx/CVE-2009-4245.json index 3e56dbbd768..6913c568052 100644 --- a/2009/4xxx/CVE-2009-4245.json +++ b/2009/4xxx/CVE-2009-4245.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6", - "refsource" : "MLIST", - "url" : "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html" - }, - { - "name" : "http://service.real.com/realplayer/security/01192010_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/01192010_player/en/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=561441", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=561441" - }, - { - "name" : "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7", - "refsource" : "CONFIRM", - "url" : "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7" - }, - { - "name" : "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6", - "refsource" : "CONFIRM", - "url" : "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6" - }, - { - "name" : "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5", - "refsource" : "CONFIRM", - "url" : "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5" - }, - { - "name" : "RHSA-2010:0094", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0094.html" - }, - { - "name" : "37880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37880" - }, - { - "name" : "61969", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61969" - }, - { - "name" : "oval:org.mitre.oval:def:9998", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998" - }, - { - "name" : "1023489", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023489" - }, - { - "name" : "38218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38218" - }, - { - "name" : "38450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38450" - }, - { - "name" : "ADV-2010-0178", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0178" - }, - { - "name" : "realplayer-gifimage-bo(55800)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0094", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" + }, + { + "name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6", + "refsource": "MLIST", + "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html" + }, + { + "name": "ADV-2010-0178", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0178" + }, + { + "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7", + "refsource": "CONFIRM", + "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7" + }, + { + "name": "61969", + "refsource": "OSVDB", + "url": "http://osvdb.org/61969" + }, + { + "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6", + "refsource": "CONFIRM", + "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6" + }, + { + "name": "1023489", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023489" + }, + { + "name": "http://service.real.com/realplayer/security/01192010_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/01192010_player/en/" + }, + { + "name": "38450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38450" + }, + { + "name": "oval:org.mitre.oval:def:9998", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998" + }, + { + "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5", + "refsource": "CONFIRM", + "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5" + }, + { + "name": "38218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38218" + }, + { + "name": "realplayer-gifimage-bo(55800)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=561441", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441" + }, + { + "name": "37880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37880" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4473.json b/2009/4xxx/CVE-2009-4473.json index bbf91d0a31f..04318574d31 100644 --- a/2009/4xxx/CVE-2009-4473.json +++ b/2009/4xxx/CVE-2009-4473.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.ektron.com/forum.aspx?g=posts&t=28048", - "refsource" : "MISC", - "url" : "http://dev.ektron.com/forum.aspx?g=posts&t=28048" - }, - { - "name" : "http://dev.ektron.com/notices.aspx?id=19074", - "refsource" : "MISC", - "url" : "http://dev.ektron.com/notices.aspx?id=19074" - }, - { - "name" : "36279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36279" - }, - { - "name" : "57667", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57667" - }, - { - "name" : "36591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36591" - }, - { - "name" : "cms400-ekformsiframe-xss(53043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36279" + }, + { + "name": "http://dev.ektron.com/notices.aspx?id=19074", + "refsource": "MISC", + "url": "http://dev.ektron.com/notices.aspx?id=19074" + }, + { + "name": "57667", + "refsource": "OSVDB", + "url": "http://osvdb.org/57667" + }, + { + "name": "cms400-ekformsiframe-xss(53043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53043" + }, + { + "name": "http://dev.ektron.com/forum.aspx?g=posts&t=28048", + "refsource": "MISC", + "url": "http://dev.ektron.com/forum.aspx?g=posts&t=28048" + }, + { + "name": "36591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36591" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4585.json b/2009/4xxx/CVE-2009-4585.json index fb5d13a8a3c..2d92c19d1f2 100644 --- a/2009/4xxx/CVE-2009-4585.json +++ b/2009/4xxx/CVE-2009-4585.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/uranyumsoft-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/uranyumsoft-disclose.txt" - }, - { - "name" : "10823", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10823" - }, - { - "name" : "61396", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61396" - }, - { - "name" : "37912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37912" - }, - { - "name" : "uslistingservice-db-info-disclosure(55220)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10823", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10823" + }, + { + "name": "61396", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61396" + }, + { + "name": "37912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37912" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/uranyumsoft-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/uranyumsoft-disclose.txt" + }, + { + "name": "uslistingservice-db-info-disclosure(55220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55220" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4627.json b/2009/4xxx/CVE-2009-4627.json index 0a6e1d102e9..8a3e4107a19 100644 --- a/2009/4xxx/CVE-2009-4627.json +++ b/2009/4xxx/CVE-2009-4627.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9525", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9525" - }, - { - "name" : "ADV-2009-2430", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2430" - }, - { - "name" : "moagallery-pfilename-dir-traversal(52778)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "moagallery-pfilename-dir-traversal(52778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52778" + }, + { + "name": "9525", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9525" + }, + { + "name": "ADV-2009-2430", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2430" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4714.json b/2009/4xxx/CVE-2009-4714.json index aa173bd388b..671cb84f63f 100644 --- a/2009/4xxx/CVE-2009-4714.json +++ b/2009/4xxx/CVE-2009-4714.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/xoopsceleparquiz-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/xoopsceleparquiz-xss.txt" - }, - { - "name" : "56598", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56598" - }, - { - "name" : "35966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56598", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56598" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/xoopsceleparquiz-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/xoopsceleparquiz-xss.txt" + }, + { + "name": "35966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35966" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4821.json b/2009/4xxx/CVE-2009-4821.json index ce5292dffb8..73a3b49d740 100644 --- a/2009/4xxx/CVE-2009-4821.json +++ b/2009/4xxx/CVE-2009-4821.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/", - "refsource" : "MISC", - "url" : "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/" - }, - { - "name" : "37415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37415" - }, - { - "name" : "37777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37415" + }, + { + "name": "37777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37777" + }, + { + "name": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/", + "refsource": "MISC", + "url": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2439.json b/2012/2xxx/CVE-2012-2439.json index 1d45d3bc2ea..17b2c25a206 100644 --- a/2012/2xxx/CVE-2012-2439.json +++ b/2012/2xxx/CVE-2012-2439.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#928795", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/928795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#928795", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/928795" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2601.json b/2012/2xxx/CVE-2012-2601.json index f74b5b08259..a3c382fad41 100644 --- a/2012/2xxx/CVE-2012-2601.json +++ b/2012/2xxx/CVE-2012-2601.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20035", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20035" - }, - { - "name" : "http://www.whatsupgold.com/blog/2012/07/23/keeping-whatsup-gold-secure/", - "refsource" : "MISC", - "url" : "http://www.whatsupgold.com/blog/2012/07/23/keeping-whatsup-gold-secure/" - }, - { - "name" : "VU#777007", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/777007" - }, - { - "name" : "54626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54626" - }, - { - "name" : "1027325", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027325" - }, - { - "name" : "ipswitch-wrvmwarehostlist-sql-injection(77152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ipswitch-wrvmwarehostlist-sql-injection(77152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77152" + }, + { + "name": "1027325", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027325" + }, + { + "name": "54626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54626" + }, + { + "name": "20035", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20035" + }, + { + "name": "VU#777007", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/777007" + }, + { + "name": "http://www.whatsupgold.com/blog/2012/07/23/keeping-whatsup-gold-secure/", + "refsource": "MISC", + "url": "http://www.whatsupgold.com/blog/2012/07/23/keeping-whatsup-gold-secure/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2687.json b/2012/2xxx/CVE-2012-2687.json index 5b026f35586..2731633780f 100644 --- a/2012/2xxx/CVE-2012-2687.json +++ b/2012/2xxx/CVE-2012-2687.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20120821 [ANNOUNCEMENT] Apache HTTP Server 2.4.3 Released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30@apache.org%3E" - }, - { - "name" : "http://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "http://www.apache.org/dist/httpd/CHANGES_2.4.3", - "refsource" : "CONFIRM", - "url" : "http://www.apache.org/dist/httpd/CHANGES_2.4.3" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "http://support.apple.com/kb/HT5880", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5880" - }, - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html" - }, - { - "name" : "SE53614", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f" - }, - { - "name" : "APPLE-SA-2013-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" - }, - { - "name" : "HPSBUX02866", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "SSRT101139", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "RHSA-2012:1591", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1591.html" - }, - { - "name" : "RHSA-2012:1592", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1592.html" - }, - { - "name" : "RHSA-2012:1594", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1594.html" - }, - { - "name" : "RHSA-2013:0130", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0130.html" - }, - { - "name" : "openSUSE-SU-2013:0243", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2013:0245", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:0248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html" - }, - { - "name" : "USN-1627-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1627-1" - }, - { - "name" : "55131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55131" - }, - { - "name" : "oval:org.mitre.oval:def:18832", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832" - }, - { - "name" : "oval:org.mitre.oval:def:19539", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539" - }, - { - "name" : "51607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51607" - }, - { - "name" : "50894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101139", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "50894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50894" + }, + { + "name": "55131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55131" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "oval:org.mitre.oval:def:19539", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "RHSA-2012:1594", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" + }, + { + "name": "USN-1627-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1627-1" + }, + { + "name": "51607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51607" + }, + { + "name": "SE53614", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f" + }, + { + "name": "openSUSE-SU-2013:0245", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html" + }, + { + "name": "APPLE-SA-2013-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" + }, + { + "name": "[announce] 20120821 [ANNOUNCEMENT] Apache HTTP Server 2.4.3 Released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30@apache.org%3E" + }, + { + "name": "RHSA-2012:1592", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" + }, + { + "name": "http://www.apache.org/dist/httpd/CHANGES_2.4.3", + "refsource": "CONFIRM", + "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.3" + }, + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html" + }, + { + "name": "RHSA-2013:0130", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0130.html" + }, + { + "name": "RHSA-2012:1591", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" + }, + { + "name": "openSUSE-SU-2013:0248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html" + }, + { + "name": "oval:org.mitre.oval:def:18832", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832" + }, + { + "name": "HPSBUX02866", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "openSUSE-SU-2013:0243", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html" + }, + { + "name": "http://support.apple.com/kb/HT5880", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5880" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2774.json b/2012/2xxx/CVE-2012-2774.json index 921229b5098..3edb0e370d9 100644 --- a/2012/2xxx/CVE-2012-2774.json +++ b/2012/2xxx/CVE-2012-2774.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting \"a frame outside SETUP state.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting \"a frame outside SETUP state.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3710.json b/2012/3xxx/CVE-2012-3710.json index ca3ca6f48f0..f65c5f4f242 100644 --- a/2012/3xxx/CVE-2012-3710.json +++ b/2012/3xxx/CVE-2012-3710.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85393", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85393" - }, - { - "name" : "oval:org.mitre.oval:def:17559", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17559" - }, - { - "name" : "apple-itunes-webkit-cve20123710(78519)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "85393", + "refsource": "OSVDB", + "url": "http://osvdb.org/85393" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "oval:org.mitre.oval:def:17559", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17559" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "apple-itunes-webkit-cve20123710(78519)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78519" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6386.json b/2012/6xxx/CVE-2012-6386.json index 94f1eb66c1f..0baad1781a7 100644 --- a/2012/6xxx/CVE-2012-6386.json +++ b/2012/6xxx/CVE-2012-6386.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6386", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6386", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6398.json b/2012/6xxx/CVE-2012-6398.json index 935b8da7d72..cbfff7dd75a 100644 --- a/2012/6xxx/CVE-2012-6398.json +++ b/2012/6xxx/CVE-2012-6398.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6398", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6398", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1392.json b/2015/1xxx/CVE-2015-1392.json index 0b1891328ea..9bd3b6fd837 100644 --- a/2015/1xxx/CVE-2015-1392.json +++ b/2015/1xxx/CVE-2015-1392.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1431.json b/2015/1xxx/CVE-2015-1431.json index ffe845f71e0..dcbc5878383 100644 --- a/2015/1xxx/CVE-2015-1431.json +++ b/2015/1xxx/CVE-2015-1431.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"Relative Path Overwrite.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150131 Re: CVE request: phpbb3 CSRF and CSS injection", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q1/373" - }, - { - "name" : "https://github.com/phpbb/phpbb/commit/eaeb88133f1f028fa06f0ebe5639668436fd469e", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpbb/phpbb/commit/eaeb88133f1f028fa06f0ebe5639668436fd469e" - }, - { - "name" : "https://github.com/phpbb/phpbb/pull/3316", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpbb/phpbb/pull/3316" - }, - { - "name" : "https://tracker.phpbb.com/browse/PHPBB3-13531", - "refsource" : "CONFIRM", - "url" : "https://tracker.phpbb.com/browse/PHPBB3-13531" - }, - { - "name" : "https://wiki.phpbb.com/Release_Highlights/3.0.13", - "refsource" : "CONFIRM", - "url" : "https://wiki.phpbb.com/Release_Highlights/3.0.13" - }, - { - "name" : "GLSA-201701-25", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-25" - }, - { - "name" : "72405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72405" - }, - { - "name" : "phpbb3-cve20151431-xss(100670)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"Relative Path Overwrite.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/phpbb/phpbb/pull/3316", + "refsource": "CONFIRM", + "url": "https://github.com/phpbb/phpbb/pull/3316" + }, + { + "name": "https://tracker.phpbb.com/browse/PHPBB3-13531", + "refsource": "CONFIRM", + "url": "https://tracker.phpbb.com/browse/PHPBB3-13531" + }, + { + "name": "[oss-security] 20150131 Re: CVE request: phpbb3 CSRF and CSS injection", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q1/373" + }, + { + "name": "https://wiki.phpbb.com/Release_Highlights/3.0.13", + "refsource": "CONFIRM", + "url": "https://wiki.phpbb.com/Release_Highlights/3.0.13" + }, + { + "name": "GLSA-201701-25", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-25" + }, + { + "name": "72405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72405" + }, + { + "name": "phpbb3-cve20151431-xss(100670)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100670" + }, + { + "name": "https://github.com/phpbb/phpbb/commit/eaeb88133f1f028fa06f0ebe5639668436fd469e", + "refsource": "CONFIRM", + "url": "https://github.com/phpbb/phpbb/commit/eaeb88133f1f028fa06f0ebe5639668436fd469e" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1928.json b/2015/1xxx/CVE-2015-1928.json index 3a1cc0db758..655084bf2d1 100644 --- a/2015/1xxx/CVE-2015-1928.json +++ b/2015/1xxx/CVE-2015-1928.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973200", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973200" - }, - { - "name" : "1034565", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034565" - }, - { - "name" : "1034566", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034566" - }, - { - "name" : "1034567", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034567" - }, - { - "name" : "1034568", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034568", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034568" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973200", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973200" + }, + { + "name": "1034566", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034566" + }, + { + "name": "1034565", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034565" + }, + { + "name": "1034567", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034567" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5331.json b/2015/5xxx/CVE-2015-5331.json index ef7b586a842..f05cb0fc59a 100644 --- a/2015/5xxx/CVE-2015-5331.json +++ b/2015/5xxx/CVE-2015-5331.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50426", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50426" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=323228", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=323228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50426", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50426" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=323228", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=323228" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5750.json b/2015/5xxx/CVE-2015-5750.json index 495138e6747..4b4e7e79125 100644 --- a/2015/5xxx/CVE-2015-5750.json +++ b/2015/5xxx/CVE-2015-5750.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "76340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76340" - }, - { - "name" : "1033276", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76340" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "1033276", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033276" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11107.json b/2018/11xxx/CVE-2018-11107.json index 5ff0d52dc20..524d4a96f0a 100644 --- a/2018/11xxx/CVE-2018-11107.json +++ b/2018/11xxx/CVE-2018-11107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11431.json b/2018/11xxx/CVE-2018-11431.json index bfd71317a88..bbaddbd90ed 100644 --- a/2018/11xxx/CVE-2018-11431.json +++ b/2018/11xxx/CVE-2018-11431.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11431", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11431", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11673.json b/2018/11xxx/CVE-2018-11673.json index 18b96047e3b..3242da9d85f 100644 --- a/2018/11xxx/CVE-2018-11673.json +++ b/2018/11xxx/CVE-2018-11673.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11673", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11673", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15069.json b/2018/15xxx/CVE-2018-15069.json index f083ba0b052..a08ea172523 100644 --- a/2018/15xxx/CVE-2018-15069.json +++ b/2018/15xxx/CVE-2018-15069.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15069", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15069", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3350.json b/2018/3xxx/CVE-2018-3350.json index 0b1667c8009..b5e9ea9f478 100644 --- a/2018/3xxx/CVE-2018-3350.json +++ b/2018/3xxx/CVE-2018-3350.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3350", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3350", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3641.json b/2018/3xxx/CVE-2018-3641.json index 66d8c20bae6..f9fbc15d422 100644 --- a/2018/3xxx/CVE-2018-3641.json +++ b/2018/3xxx/CVE-2018-3641.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-04-03T00:00:00", - "ID" : "CVE-2018-3641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Remote Keyboard", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-04-03T00:00:00", + "ID": "CVE-2018-3641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Remote Keyboard", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7024.json b/2018/7xxx/CVE-2018-7024.json index 8bd4e47f4cb..c2f1d924641 100644 --- a/2018/7xxx/CVE-2018-7024.json +++ b/2018/7xxx/CVE-2018-7024.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7024", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7024", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7537.json b/2018/7xxx/CVE-2018-7537.json index 9f1398d0f9e..3bd57ce1c2a 100644 --- a/2018/7xxx/CVE-2018-7537.json +++ b/2018/7xxx/CVE-2018-7537.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180308 [SECURITY] [DLA 1303-1] python-django security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html" - }, - { - "name" : "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/" - }, - { - "name" : "DSA-4161", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4161" - }, - { - "name" : "RHSA-2018:2927", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2927" - }, - { - "name" : "RHSA-2019:0265", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0265" - }, - { - "name" : "USN-3591-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3591-1/" - }, - { - "name" : "103357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3591-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3591-1/" + }, + { + "name": "[debian-lts-announce] 20180308 [SECURITY] [DLA 1303-1] python-django security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html" + }, + { + "name": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/" + }, + { + "name": "RHSA-2018:2927", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2927" + }, + { + "name": "103357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103357" + }, + { + "name": "RHSA-2019:0265", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0265" + }, + { + "name": "DSA-4161", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4161" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8106.json b/2018/8xxx/CVE-2018-8106.json index 8c7c4e5362d..2347b5ac9f4 100644 --- a/2018/8xxx/CVE-2018-8106.json +++ b/2018/8xxx/CVE-2018-8106.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652", - "refsource" : "MISC", - "url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652", + "refsource": "MISC", + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8454.json b/2018/8xxx/CVE-2018-8454.json index 7438c5ac2d5..2b19d41b945 100644 --- a/2018/8xxx/CVE-2018-8454.json +++ b/2018/8xxx/CVE-2018-8454.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka \"Windows Audio Service Information Disclosure Vulnerability.\" This affects Windows 10 Servers, Windows 10, Windows Server 2019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8454", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8454" - }, - { - "name" : "105799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105799" - }, - { - "name" : "1042122", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka \"Windows Audio Service Information Disclosure Vulnerability.\" This affects Windows 10 Servers, Windows 10, Windows Server 2019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8454", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8454" + }, + { + "name": "105799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105799" + }, + { + "name": "1042122", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042122" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8752.json b/2018/8xxx/CVE-2018-8752.json index c8bba31e0d3..2b41bb657f6 100644 --- a/2018/8xxx/CVE-2018-8752.json +++ b/2018/8xxx/CVE-2018-8752.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8752", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8752", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file