From 0180191804862cbaae44ec85b7eeaae0007ad0a4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:40:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1117.json | 170 ++++++------ 1999/1xxx/CVE-1999-1218.json | 130 ++++----- 1999/1xxx/CVE-1999-1483.json | 120 ++++---- 2000/0xxx/CVE-2000-0466.json | 130 ++++----- 2000/0xxx/CVE-2000-0502.json | 150 +++++----- 2000/1xxx/CVE-2000-1109.json | 160 +++++------ 2005/2xxx/CVE-2005-2735.json | 170 ++++++------ 2005/2xxx/CVE-2005-2743.json | 150 +++++----- 2005/2xxx/CVE-2005-2839.json | 120 ++++---- 2005/3xxx/CVE-2005-3118.json | 160 +++++------ 2005/3xxx/CVE-2005-3379.json | 170 ++++++------ 2005/3xxx/CVE-2005-3418.json | 230 ++++++++-------- 2005/3xxx/CVE-2005-3631.json | 160 +++++------ 2005/3xxx/CVE-2005-3782.json | 120 ++++---- 2005/3xxx/CVE-2005-3936.json | 140 +++++----- 2005/4xxx/CVE-2005-4218.json | 140 +++++----- 2005/4xxx/CVE-2005-4373.json | 140 +++++----- 2005/4xxx/CVE-2005-4506.json | 150 +++++----- 2005/4xxx/CVE-2005-4527.json | 160 +++++------ 2005/4xxx/CVE-2005-4628.json | 130 ++++----- 2005/4xxx/CVE-2005-4790.json | 330 +++++++++++----------- 2009/2xxx/CVE-2009-2285.json | 520 +++++++++++++++++------------------ 2009/2xxx/CVE-2009-2777.json | 160 +++++------ 2009/2xxx/CVE-2009-2890.json | 150 +++++----- 2009/2xxx/CVE-2009-2958.json | 200 +++++++------- 2009/3xxx/CVE-2009-3063.json | 140 +++++----- 2009/3xxx/CVE-2009-3114.json | 160 +++++------ 2009/3xxx/CVE-2009-3565.json | 200 +++++++------- 2009/3xxx/CVE-2009-3789.json | 260 +++++++++--------- 2009/4xxx/CVE-2009-4778.json | 160 +++++------ 2015/0xxx/CVE-2015-0100.json | 140 +++++----- 2015/0xxx/CVE-2015-0160.json | 120 ++++---- 2015/0xxx/CVE-2015-0716.json | 130 ++++----- 2015/0xxx/CVE-2015-0933.json | 120 ++++---- 2015/1xxx/CVE-2015-1096.json | 190 ++++++------- 2015/1xxx/CVE-2015-1784.json | 34 +-- 2015/4xxx/CVE-2015-4090.json | 34 +-- 2015/4xxx/CVE-2015-4306.json | 130 ++++----- 2015/4xxx/CVE-2015-4327.json | 140 +++++----- 2015/4xxx/CVE-2015-4554.json | 140 +++++----- 2015/4xxx/CVE-2015-4564.json | 34 +-- 2015/5xxx/CVE-2015-5524.json | 34 +-- 2015/5xxx/CVE-2015-5646.json | 160 +++++------ 2015/5xxx/CVE-2015-5775.json | 170 ++++++------ 2015/5xxx/CVE-2015-5895.json | 150 +++++----- 2018/2xxx/CVE-2018-2124.json | 34 +-- 2018/2xxx/CVE-2018-2414.json | 34 +-- 2018/3xxx/CVE-2018-3304.json | 156 +++++------ 2018/3xxx/CVE-2018-3571.json | 122 ++++---- 2018/3xxx/CVE-2018-3574.json | 160 +++++------ 2018/3xxx/CVE-2018-3873.json | 122 ++++---- 2018/3xxx/CVE-2018-3876.json | 122 ++++---- 2018/3xxx/CVE-2018-3901.json | 34 +-- 2018/6xxx/CVE-2018-6220.json | 140 +++++----- 2018/6xxx/CVE-2018-6444.json | 120 ++++---- 2018/6xxx/CVE-2018-6636.json | 34 +-- 2018/7xxx/CVE-2018-7103.json | 120 ++++---- 2018/7xxx/CVE-2018-7231.json | 122 ++++---- 2018/7xxx/CVE-2018-7406.json | 140 +++++----- 2018/7xxx/CVE-2018-7414.json | 34 +-- 2018/7xxx/CVE-2018-7751.json | 130 ++++----- 61 files changed, 4315 insertions(+), 4315 deletions(-) diff --git a/1999/1xxx/CVE-1999-1117.json b/1999/1xxx/CVE-1999-1117.json index e0d840ff514..5c393850c04 100644 --- a/1999/1xxx/CVE-1999-1117.json +++ b/1999/1xxx/CVE-1999-1117.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19961124", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&w=2&r=1&s=lquerypv&q=b" - }, - { - "name" : "19961125 lquerypv fix", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87602167420195&w=2" - }, - { - "name" : "19961125 AIX lquerypv", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87602167420196&w=2" - }, - { - "name" : "H-13", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/h-13.shtml" - }, - { - "name" : "455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/455" - }, - { - "name" : "ibm-lquerypv(1752)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "H-13", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/h-13.shtml" + }, + { + "name": "19961125 AIX lquerypv", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87602167420196&w=2" + }, + { + "name": "ibm-lquerypv(1752)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1752" + }, + { + "name": "455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/455" + }, + { + "name": "19961125 lquerypv fix", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87602167420195&w=2" + }, + { + "name": "19961124", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&w=2&r=1&s=lquerypv&q=b" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1218.json b/1999/1xxx/CVE-1999-1218.json index 85e5d79f216..ab194ad15ac 100644 --- a/1999/1xxx/CVE-1999-1218.json +++ b/1999/1xxx/CVE-1999-1218.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-1993-04", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-1993-04.html" - }, - { - "name" : "amiga-finger(522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-1993-04", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-1993-04.html" + }, + { + "name": "amiga-finger(522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/522" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1483.json b/1999/1xxx/CVE-1999-1483.json index ab36317f96e..7382547a64a 100644 --- a/1999/1xxx/CVE-1999-1483.json +++ b/1999/1xxx/CVE-1999-1483.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19970619 svgalib/zgv", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/7041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19970619 svgalib/zgv", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/7041" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0466.json b/2000/0xxx/CVE-2000-0466.json index 5c89a87932e..2ac1e7faada 100644 --- a/2000/0xxx/CVE-2000-0466.json +++ b/2000/0xxx/CVE-2000-0466.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AIX cdmount allows local users to gain root privileges via shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000620 Insecure call of external program in AIX cdmount", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise55.php" - }, - { - "name" : "1384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AIX cdmount allows local users to gain root privileges via shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1384" + }, + { + "name": "20000620 Insecure call of external program in AIX cdmount", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise55.php" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0502.json b/2000/0xxx/CVE-2000-0502.json index ade2c0e8da0..2a299d72fe9 100644 --- a/2000/0xxx/CVE-2000-0502.json +++ b/2000/0xxx/CVE-2000-0502.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000607 Mcafee Alerting DOS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html" - }, - { - "name" : "1326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1326" - }, - { - "name" : "mcafee-alerting-dos(4641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4641" - }, - { - "name" : "6287", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mcafee-alerting-dos(4641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4641" + }, + { + "name": "20000607 Mcafee Alerting DOS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html" + }, + { + "name": "6287", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6287" + }, + { + "name": "1326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1326" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1109.json b/2000/1xxx/CVE-2000-1109.json index 20887d7890e..70d5241716f 100644 --- a/2000/1xxx/CVE-2000-1109.json +++ b/2000/1xxx/CVE-2000-1109.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001127 Midnight Commander", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html" - }, - { - "name" : "DSA-036", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-036" - }, - { - "name" : "SuSE-SA:2001:11", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2001_011_mc.html" - }, - { - "name" : "2016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2016" - }, - { - "name" : "midnight-commander-elevate-privileges(5929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2016" + }, + { + "name": "20001127 Midnight Commander", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html" + }, + { + "name": "SuSE-SA:2001:11", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2001_011_mc.html" + }, + { + "name": "midnight-commander-elevate-privileges(5929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5929" + }, + { + "name": "DSA-036", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-036" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2735.json b/2005/2xxx/CVE-2005-2735.json index 4a472ad48df..845336fc0b6 100644 --- a/2005/2xxx/CVE-2005-2735.json +++ b/2005/2xxx/CVE-2005-2735.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050826 Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112511025414488&w=2" - }, - { - "name" : "http://cedri.cc/advisories/EXIF_XSS.txt", - "refsource" : "MISC", - "url" : "http://cedri.cc/advisories/EXIF_XSS.txt" - }, - { - "name" : "14669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14669" - }, - { - "name" : "16595", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16595/" - }, - { - "name" : "1014801", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014801" - }, - { - "name" : "photopost-exif-xss(22020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14669" + }, + { + "name": "http://cedri.cc/advisories/EXIF_XSS.txt", + "refsource": "MISC", + "url": "http://cedri.cc/advisories/EXIF_XSS.txt" + }, + { + "name": "1014801", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014801" + }, + { + "name": "16595", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16595/" + }, + { + "name": "photopost-exif-xss(22020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22020" + }, + { + "name": "20050826 Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112511025414488&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2743.json b/2005/2xxx/CVE-2005-2743.json index e15590904bf..de021e01f74 100644 --- a/2005/2xxx/CVE-2005-2743.json +++ b/2005/2xxx/CVE-2005-2743.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-09-22", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html" - }, - { - "name" : "ESB-2005.0732", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/5509" - }, - { - "name" : "P-312", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-312.shtml" - }, - { - "name" : "16920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16920/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "P-312", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-312.shtml" + }, + { + "name": "ESB-2005.0732", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/5509" + }, + { + "name": "APPLE-SA-2005-09-22", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html" + }, + { + "name": "16920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16920/" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2839.json b/2005/2xxx/CVE-2005-2839.json index 3fd1ae4f134..0deabe7606d 100644 --- a/2005/2xxx/CVE-2005-2839.json +++ b/2005/2xxx/CVE-2005-2839.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1014847", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014847", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014847" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3118.json b/2005/3xxx/CVE-2005-3118.json index 855c9c56a16..1b8e4175108 100644 --- a/2005/3xxx/CVE-2005-3118.json +++ b/2005/3xxx/CVE-2005-3118.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-845", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-845" - }, - { - "name" : "15019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15019" - }, - { - "name" : "ADV-2005-1976", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1976" - }, - { - "name" : "19875", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19875" - }, - { - "name" : "17084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19875", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19875" + }, + { + "name": "ADV-2005-1976", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1976" + }, + { + "name": "17084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17084" + }, + { + "name": "DSA-845", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-845" + }, + { + "name": "15019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15019" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3379.json b/2005/3xxx/CVE-2005-3379.json index 335ac3342dd..519c6e476e3 100644 --- a/2005/3xxx/CVE-2005-3379.json +++ b/2005/3xxx/CVE-2005-3379.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113026417802703&w=2" - }, - { - "name" : "20051029 Trend Micro's Response to the Magic Byte Bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415173" - }, - { - "name" : "http://www.securityelf.org/magicbyteadv.html", - "refsource" : "MISC", - "url" : "http://www.securityelf.org/magicbyteadv.html" - }, - { - "name" : "http://www.securityelf.org/magicbyte.html", - "refsource" : "MISC", - "url" : "http://www.securityelf.org/magicbyte.html" - }, - { - "name" : "http://www.securityelf.org/updmagic.html", - "refsource" : "MISC", - "url" : "http://www.securityelf.org/updmagic.html" - }, - { - "name" : "15189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15189" + }, + { + "name": "http://www.securityelf.org/magicbyte.html", + "refsource": "MISC", + "url": "http://www.securityelf.org/magicbyte.html" + }, + { + "name": "20051029 Trend Micro's Response to the Magic Byte Bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415173" + }, + { + "name": "http://www.securityelf.org/magicbyteadv.html", + "refsource": "MISC", + "url": "http://www.securityelf.org/magicbyteadv.html" + }, + { + "name": "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113026417802703&w=2" + }, + { + "name": "http://www.securityelf.org/updmagic.html", + "refsource": "MISC", + "url": "http://www.securityelf.org/updmagic.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3418.json b/2005/3xxx/CVE-2005-3418.json index 9a9f3a4633a..651a493f34a 100644 --- a/2005/3xxx/CVE-2005-3418.json +++ b/2005/3xxx/CVE-2005-3418.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113081113317600&w=2" - }, - { - "name" : "http://www.hardened-php.net/advisory_172005.75.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_172005.75.html" - }, - { - "name" : "DSA-925", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-925" - }, - { - "name" : "15243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15243" - }, - { - "name" : "ADV-2005-2250", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2250" - }, - { - "name" : "20387", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20387" - }, - { - "name" : "20388", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20388" - }, - { - "name" : "20389", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20389" - }, - { - "name" : "1015121", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015121" - }, - { - "name" : "17366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17366" - }, - { - "name" : "18098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18098" - }, - { - "name" : "130", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2250", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2250" + }, + { + "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113081113317600&w=2" + }, + { + "name": "DSA-925", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-925" + }, + { + "name": "17366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17366" + }, + { + "name": "20388", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20388" + }, + { + "name": "20389", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20389" + }, + { + "name": "130", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/130" + }, + { + "name": "18098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18098" + }, + { + "name": "http://www.hardened-php.net/advisory_172005.75.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_172005.75.html" + }, + { + "name": "20387", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20387" + }, + { + "name": "1015121", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015121" + }, + { + "name": "15243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15243" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3631.json b/2005/3xxx/CVE-2005-3631.json index 085fdb102a5..4716b80dc23 100644 --- a/2005/3xxx/CVE-2005-3631.json +++ b/2005/3xxx/CVE-2005-3631.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2005:864", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-864.html" - }, - { - "name" : "15994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15994" - }, - { - "name" : "oval:org.mitre.oval:def:10854", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10854" - }, - { - "name" : "1015386", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015386" - }, - { - "name" : "18193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015386", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015386" + }, + { + "name": "15994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15994" + }, + { + "name": "oval:org.mitre.oval:def:10854", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10854" + }, + { + "name": "RHSA-2005:864", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-864.html" + }, + { + "name": "18193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18193" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3782.json b/2005/3xxx/CVE-2005-3782.json index 53410f62201..eedb9e1e43a 100644 --- a/2005/3xxx/CVE-2005-3782.json +++ b/2005/3xxx/CVE-2005-3782.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the \"Name and password\" setting, and the \"Show the Restart, Sleep, and Shut Down buttons\" option is disabled, allows users with physical access to bypass login and reboot the system by entering \">restart\", \">power\", or \">shutdown\" sequences after the username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20776", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the \"Name and password\" setting, and the \"Show the Restart, Sleep, and Shut Down buttons\" option is disabled, allows users with physical access to bypass login and reboot the system by entering \">restart\", \">power\", or \">shutdown\" sequences after the username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20776", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20776" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3936.json b/2005/3xxx/CVE-2005-3936.json index 184753f7141..025e4b5cbc6 100644 --- a/2005/3xxx/CVE-2005-3936.json +++ b/2005/3xxx/CVE-2005-3936.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html" - }, - { - "name" : "21251", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21251" - }, - { - "name" : "17807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17807" + }, + { + "name": "21251", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21251" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4218.json b/2005/4xxx/CVE-2005-4218.json index 4691e935e27..dfa57a3b24d 100644 --- a/2005/4xxx/CVE-2005-4218.json +++ b/2005/4xxx/CVE-2005-4218.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rgod.altervista.org/phpwebth14_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpwebth14_xpl.html" - }, - { - "name" : "1324", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1324" - }, - { - "name" : "15465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rgod.altervista.org/phpwebth14_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpwebth14_xpl.html" + }, + { + "name": "1324", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1324" + }, + { + "name": "15465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15465" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4373.json b/2005/4xxx/CVE-2005-4373.json index 7de4dc33dae..ec518ea0bbf 100644 --- a/2005/4xxx/CVE-2005-4373.json +++ b/2005/4xxx/CVE-2005-4373.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html" - }, - { - "name" : "http://www.awf-cms.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.awf-cms.org/news.html" - }, - { - "name" : "21915", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21915", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21915" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/awf-adaptive-website-framework-vuln.html" + }, + { + "name": "http://www.awf-cms.org/news.html", + "refsource": "CONFIRM", + "url": "http://www.awf-cms.org/news.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4506.json b/2005/4xxx/CVE-2005-4506.json index 79e47210fc3..c7ccc0744d0 100644 --- a/2005/4xxx/CVE-2005-4506.json +++ b/2005/4xxx/CVE-2005-4506.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.exploitlabs.com/files/advisories/EXPL-A-2005-017-devhound.txt", - "refsource" : "MISC", - "url" : "http://www.exploitlabs.com/files/advisories/EXPL-A-2005-017-devhound.txt" - }, - { - "name" : "16042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16042" - }, - { - "name" : "ADV-2005-3047", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3047" - }, - { - "name" : "18164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.exploitlabs.com/files/advisories/EXPL-A-2005-017-devhound.txt", + "refsource": "MISC", + "url": "http://www.exploitlabs.com/files/advisories/EXPL-A-2005-017-devhound.txt" + }, + { + "name": "16042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16042" + }, + { + "name": "ADV-2005-3047", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3047" + }, + { + "name": "18164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18164" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4527.json b/2005/4xxx/CVE-2005-4527.json index 9b5b8e9f992..520c878fe83 100644 --- a/2005/4xxx/CVE-2005-4527.json +++ b/2005/4xxx/CVE-2005-4527.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/direct-news-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/direct-news-sql-inj.html" - }, - { - "name" : "15957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15957/" - }, - { - "name" : "21854", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21854" - }, - { - "name" : "22340", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22340" - }, - { - "name" : "directnews-multiple-sql-injection(23727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15957/" + }, + { + "name": "directnews-multiple-sql-injection(23727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23727" + }, + { + "name": "21854", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21854" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/direct-news-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/direct-news-sql-inj.html" + }, + { + "name": "22340", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22340" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4628.json b/2005/4xxx/CVE-2005-4628.json index d367011cb15..e126620b240 100644 --- a/2005/4xxx/CVE-2005-4628.json +++ b/2005/4xxx/CVE-2005-4628.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/helpdeskpoint-free-help-desk-software.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/helpdeskpoint-free-help-desk-software.html" - }, - { - "name" : "21318", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/11/helpdeskpoint-free-help-desk-software.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/helpdeskpoint-free-help-desk-software.html" + }, + { + "name": "21318", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21318" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4790.json b/2005/4xxx/CVE-2005-4790.json index 07252184578..9e5e41ba7c3 100644 --- a/2005/4xxx/CVE-2005-4790.json +++ b/2005/4xxx/CVE-2005-4790.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=188806", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=188806" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=189249", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=189249" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=362941", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=362941" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199841", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199841" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=485224", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=485224" - }, - { - "name" : "FEDORA-2007-3011", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html" - }, - { - "name" : "FEDORA-2007-3792", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html" - }, - { - "name" : "GLSA-200711-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-12.xml" - }, - { - "name" : "GLSA-200801-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-14.xml" - }, - { - "name" : "MDVSA-2008:064", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064" - }, - { - "name" : "SUSE-SR:2005:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_22_sr.html" - }, - { - "name" : "USN-560-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/560-1/" - }, - { - "name" : "25341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25341" - }, - { - "name" : "39577", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39577" - }, - { - "name" : "39578", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39578" - }, - { - "name" : "26480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26480" - }, - { - "name" : "27608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27608" - }, - { - "name" : "27621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27621" - }, - { - "name" : "27799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27799" - }, - { - "name" : "28339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28339" - }, - { - "name" : "28672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28672" - }, - { - "name" : "tomboy-ldlibrarypath-privilege-escalation(36054)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=188806", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=188806" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199841", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199841" + }, + { + "name": "27621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27621" + }, + { + "name": "27608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27608" + }, + { + "name": "28672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28672" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=485224", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=485224" + }, + { + "name": "MDVSA-2008:064", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064" + }, + { + "name": "39578", + "refsource": "OSVDB", + "url": "http://osvdb.org/39578" + }, + { + "name": "27799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27799" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=362941", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362941" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=189249", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=189249" + }, + { + "name": "26480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26480" + }, + { + "name": "SUSE-SR:2005:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html" + }, + { + "name": "28339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28339" + }, + { + "name": "GLSA-200711-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-12.xml" + }, + { + "name": "39577", + "refsource": "OSVDB", + "url": "http://osvdb.org/39577" + }, + { + "name": "25341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25341" + }, + { + "name": "FEDORA-2007-3011", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html" + }, + { + "name": "USN-560-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/560-1/" + }, + { + "name": "FEDORA-2007-3792", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html" + }, + { + "name": "tomboy-ldlibrarypath-privilege-escalation(36054)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054" + }, + { + "name": "GLSA-200801-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-14.xml" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2285.json b/2009/2xxx/CVE-2009-2285.json index e32175011b7..773797bc2ea 100644 --- a/2009/2xxx/CVE-2009-2285.json +++ b/2009/2xxx/CVE-2009-2285.json @@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/06/22/1" - }, - { - "name" : "[oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/06/23/1" - }, - { - "name" : "[oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/06/29/5" - }, - { - "name" : "http://www.lan.st/showthread.php?t=1856&page=3", - "refsource" : "MISC", - "url" : "http://www.lan.st/showthread.php?t=1856&page=3" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2065", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2065" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149" - }, - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "http://support.apple.com/kb/HT4004", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4004" - }, - { - "name" : "http://support.apple.com/kb/HT4013", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4013" - }, - { - "name" : "http://support.apple.com/kb/HT4070", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4070" - }, - { - "name" : "http://support.apple.com/kb/HT4105", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4105" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-01-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-02-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-03-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-03-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html" - }, - { - "name" : "DSA-1835", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1835" - }, - { - "name" : "FEDORA-2009-7335", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html" - }, - { - "name" : "FEDORA-2009-7358", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html" - }, - { - "name" : "FEDORA-2009-7417", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html" - }, - { - "name" : "FEDORA-2009-7717", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html" - }, - { - "name" : "FEDORA-2009-7763", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html" - }, - { - "name" : "GLSA-200908-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200908-03.xml" - }, - { - "name" : "RHSA-2009:1159", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1159.html" - }, - { - "name" : "267808", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1" - }, - { - "name" : "USN-797-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/797-1/" - }, - { - "name" : "oval:org.mitre.oval:def:10145", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145" - }, - { - "name" : "oval:org.mitre.oval:def:7049", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049" - }, - { - "name" : "35695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35695" - }, - { - "name" : "35716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35716" - }, - { - "name" : "35866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35866" - }, - { - "name" : "35883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35883" - }, - { - "name" : "35912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35912" - }, - { - "name" : "36194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36194" - }, - { - "name" : "36831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36831" - }, - { - "name" : "38241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38241" - }, - { - "name" : "39135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39135" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - }, - { - "name" : "ADV-2010-0173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0173" - }, - { - "name" : "ADV-2009-1637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1637" - }, - { - "name" : "ADV-2009-2727", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" + }, + { + "name": "FEDORA-2009-7358", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html" + }, + { + "name": "35866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35866" + }, + { + "name": "FEDORA-2009-7717", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html" + }, + { + "name": "ADV-2009-1637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1637" + }, + { + "name": "[oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/06/23/1" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2065", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2065" + }, + { + "name": "oval:org.mitre.oval:def:7049", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049" + }, + { + "name": "39135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39135" + }, + { + "name": "http://support.apple.com/kb/HT4004", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4004" + }, + { + "name": "APPLE-SA-2010-01-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" + }, + { + "name": "USN-797-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/797-1/" + }, + { + "name": "oval:org.mitre.oval:def:10145", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145" + }, + { + "name": "http://support.apple.com/kb/HT4105", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4105" + }, + { + "name": "35716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35716" + }, + { + "name": "FEDORA-2009-7763", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html" + }, + { + "name": "[oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/06/22/1" + }, + { + "name": "35912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35912" + }, + { + "name": "http://support.apple.com/kb/HT4070", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4070" + }, + { + "name": "APPLE-SA-2010-02-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html" + }, + { + "name": "35883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35883" + }, + { + "name": "ADV-2009-2727", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2727" + }, + { + "name": "35695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35695" + }, + { + "name": "http://www.lan.st/showthread.php?t=1856&page=3", + "refsource": "MISC", + "url": "http://www.lan.st/showthread.php?t=1856&page=3" + }, + { + "name": "36194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36194" + }, + { + "name": "36831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36831" + }, + { + "name": "GLSA-200908-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200908-03.xml" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "http://support.apple.com/kb/HT4013", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4013" + }, + { + "name": "FEDORA-2009-7335", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html" + }, + { + "name": "APPLE-SA-2010-03-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html" + }, + { + "name": "267808", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1" + }, + { + "name": "RHSA-2009:1159", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1159.html" + }, + { + "name": "38241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38241" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "FEDORA-2009-7417", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html" + }, + { + "name": "DSA-1835", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1835" + }, + { + "name": "[oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/06/29/5" + }, + { + "name": "ADV-2010-0173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0173" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2777.json b/2009/2xxx/CVE-2009-2777.json index b53362b9e70..6452b9fedcf 100644 --- a/2009/2xxx/CVE-2009-2777.json +++ b/2009/2xxx/CVE-2009-2777.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9262", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9262" - }, - { - "name" : "56578", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56578" - }, - { - "name" : "36017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36017" - }, - { - "name" : "ADV-2009-2023", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2023" - }, - { - "name" : "garagesalesjunkie-view-sql-injection(52034)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36017" + }, + { + "name": "ADV-2009-2023", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2023" + }, + { + "name": "9262", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9262" + }, + { + "name": "56578", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56578" + }, + { + "name": "garagesalesjunkie-view-sql-injection(52034)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52034" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2890.json b/2009/2xxx/CVE-2009-2890.json index f3f626ceb7e..871a1f0e941 100644 --- a/2009/2xxx/CVE-2009-2890.json +++ b/2009/2xxx/CVE-2009-2890.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt" - }, - { - "name" : "56124", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56124" - }, - { - "name" : "35932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35932" - }, - { - "name" : "riddles-results-xss(51874)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt" + }, + { + "name": "riddles-results-xss(51874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51874" + }, + { + "name": "56124", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56124" + }, + { + "name": "35932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35932" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2958.json b/2009/2xxx/CVE-2009-2958.json index 00fbbaedecd..bd50b9833e3 100644 --- a/2009/2xxx/CVE-2009-2958.json +++ b/2009/2xxx/CVE-2009-2958.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.coresecurity.com/content/dnsmasq-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/dnsmasq-vulnerabilities" - }, - { - "name" : "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=519020", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=519020" - }, - { - "name" : "RHSA-2010:0095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html" - }, - { - "name" : "RHSA-2009:1238", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1238.html" - }, - { - "name" : "USN-827-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-827-1" - }, - { - "name" : "36120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36120" - }, - { - "name" : "oval:org.mitre.oval:def:9816", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816" - }, - { - "name" : "36563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36563" + }, + { + "name": "USN-827-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-827-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=519020", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519020" + }, + { + "name": "36120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36120" + }, + { + "name": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG" + }, + { + "name": "oval:org.mitre.oval:def:9816", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816" + }, + { + "name": "http://www.coresecurity.com/content/dnsmasq-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/dnsmasq-vulnerabilities" + }, + { + "name": "RHSA-2010:0095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" + }, + { + "name": "RHSA-2009:1238", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1238.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3063.json b/2009/3xxx/CVE-2009-3063.json index 89c65126e4e..86a29d9bb4b 100644 --- a/2009/3xxx/CVE-2009-3063.json +++ b/2009/3xxx/CVE-2009-3063.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9571", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9571" - }, - { - "name" : "36213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36213" - }, - { - "name" : "ADV-2009-2523", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36213" + }, + { + "name": "9571", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9571" + }, + { + "name": "ADV-2009-2523", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2523" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3114.json b/2009/3xxx/CVE-2009-3114.json index 270ce5d88f7..1a2a75a07a8 100644 --- a/2009/3xxx/CVE-2009-3114.json +++ b/2009/3xxx/CVE-2009-3114.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090908 [scip_Advisory 4021] IBM Lotus Notes 8.5 RSS Widget Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506296/100/0/threaded" - }, - { - "name" : "http://www.scip.ch/?vuldb.4021", - "refsource" : "MISC", - "url" : "http://www.scip.ch/?vuldb.4021" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21403834", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21403834" - }, - { - "name" : "36305", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36305" - }, - { - "name" : "36813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.scip.ch/?vuldb.4021", + "refsource": "MISC", + "url": "http://www.scip.ch/?vuldb.4021" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21403834", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403834" + }, + { + "name": "36813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36813" + }, + { + "name": "20090908 [scip_Advisory 4021] IBM Lotus Notes 8.5 RSS Widget Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506296/100/0/threaded" + }, + { + "name": "36305", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36305" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3565.json b/2009/3xxx/CVE-2009-3565.json index def3c9a5874..0cc1d6c0a72 100644 --- a/2009/3xxx/CVE-2009-3565.json +++ b/2009/3xxx/CVE-2009-3565.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507820/100/0/threaded" - }, - { - "name" : "http://www.secureworks.com/ctu/advisories/SWRX-2009-001", - "refsource" : "MISC", - "url" : "http://www.secureworks.com/ctu/advisories/SWRX-2009-001" - }, - { - "name" : "http://kc.mcafee.com/corporate/index?page=content&id=SB10004", - "refsource" : "CONFIRM", - "url" : "http://kc.mcafee.com/corporate/index?page=content&id=SB10004" - }, - { - "name" : "37003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37003" - }, - { - "name" : "59911", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59911" - }, - { - "name" : "1023171", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023171" - }, - { - "name" : "37178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37178" - }, - { - "name" : "ADV-2009-3226", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3226" - }, - { - "name" : "nsm-login-xss(54250)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023171", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023171" + }, + { + "name": "ADV-2009-3226", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3226" + }, + { + "name": "http://kc.mcafee.com/corporate/index?page=content&id=SB10004", + "refsource": "CONFIRM", + "url": "http://kc.mcafee.com/corporate/index?page=content&id=SB10004" + }, + { + "name": "37003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37003" + }, + { + "name": "nsm-login-xss(54250)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54250" + }, + { + "name": "37178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37178" + }, + { + "name": "20091111 [SWRX-2009-001] McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507820/100/0/threaded" + }, + { + "name": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001", + "refsource": "MISC", + "url": "http://www.secureworks.com/ctu/advisories/SWRX-2009-001" + }, + { + "name": "59911", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59911" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3789.json b/2009/3xxx/CVE-2009-3789.json index 177aea1a088..e2a21f73342 100644 --- a/2009/3xxx/CVE-2009-3789.json +++ b/2009/3xxx/CVE-2009-3789.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt" - }, - { - "name" : "36777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36777" - }, - { - "name" : "59302", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59302" - }, - { - "name" : "59303", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59303" - }, - { - "name" : "59304", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59304" - }, - { - "name" : "59305", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59305" - }, - { - "name" : "59306", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59306" - }, - { - "name" : "59307", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59307" - }, - { - "name" : "59308", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59308" - }, - { - "name" : "59309", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59309" - }, - { - "name" : "59310", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59310" - }, - { - "name" : "59311", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59311" - }, - { - "name" : "59312", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59312" - }, - { - "name" : "30750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30750" - }, - { - "name" : "opendocman-multiple-xss(53887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59302", + "refsource": "OSVDB", + "url": "http://osvdb.org/59302" + }, + { + "name": "59307", + "refsource": "OSVDB", + "url": "http://osvdb.org/59307" + }, + { + "name": "36777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36777" + }, + { + "name": "59309", + "refsource": "OSVDB", + "url": "http://osvdb.org/59309" + }, + { + "name": "59304", + "refsource": "OSVDB", + "url": "http://osvdb.org/59304" + }, + { + "name": "59311", + "refsource": "OSVDB", + "url": "http://osvdb.org/59311" + }, + { + "name": "59310", + "refsource": "OSVDB", + "url": "http://osvdb.org/59310" + }, + { + "name": "59308", + "refsource": "OSVDB", + "url": "http://osvdb.org/59308" + }, + { + "name": "30750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30750" + }, + { + "name": "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt" + }, + { + "name": "59303", + "refsource": "OSVDB", + "url": "http://osvdb.org/59303" + }, + { + "name": "59305", + "refsource": "OSVDB", + "url": "http://osvdb.org/59305" + }, + { + "name": "opendocman-multiple-xss(53887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53887" + }, + { + "name": "59306", + "refsource": "OSVDB", + "url": "http://osvdb.org/59306" + }, + { + "name": "59312", + "refsource": "OSVDB", + "url": "http://osvdb.org/59312" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4778.json b/2009/4xxx/CVE-2009-4778.json index 50337c82eb7..5623e23f893 100644 --- a/2009/4xxx/CVE-2009-4778.json +++ b/2009/4xxx/CVE-2009-4778.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blackberry.com/btsc/KB19860", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/btsc/KB19860" - }, - { - "name" : "37167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37167" - }, - { - "name" : "1023258", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023258" - }, - { - "name" : "37562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37562" - }, - { - "name" : "ADV-2009-3372", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37167" + }, + { + "name": "1023258", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023258" + }, + { + "name": "37562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37562" + }, + { + "name": "http://www.blackberry.com/btsc/KB19860", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/btsc/KB19860" + }, + { + "name": "ADV-2009-3372", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3372" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0100.json b/2015/0xxx/CVE-2015-0100.json index 7c2338e99e6..59730c5a536 100644 --- a/2015/0xxx/CVE-2015-0100.json +++ b/2015/0xxx/CVE-2015-0100.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" - }, - { - "name" : "72926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72926" - }, - { - "name" : "1031888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" + }, + { + "name": "1031888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031888" + }, + { + "name": "72926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72926" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0160.json b/2015/0xxx/CVE-2015-0160.json index 7af6f34ac6a..f0d55f7e031 100644 --- a/2015/0xxx/CVE-2015-0160.json +++ b/2015/0xxx/CVE-2015-0160.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699470" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0716.json b/2015/0xxx/CVE-2015-0716.json index 28e7182e91d..c203896cb38 100644 --- a/2015/0xxx/CVE-2015-0716.json +++ b/2015/0xxx/CVE-2015-0716.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150505 Cisco Unity Connection CUCReports Page Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38675" - }, - { - "name" : "1032259", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150505 Cisco Unity Connection CUCReports Page Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38675" + }, + { + "name": "1032259", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032259" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0933.json b/2015/0xxx/CVE-2015-0933.json index ec60e391905..19e60a0b6a1 100644 --- a/2015/0xxx/CVE-2015-0933.json +++ b/2015/0xxx/CVE-2015-0933.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \\include command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-0933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#302668", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/302668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \\include command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#302668", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/302668" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1096.json b/2015/1xxx/CVE-2015-1096.json index 4d388b17eba..b6dca2dd177 100644 --- a/2015/1xxx/CVE-2015-1096.json +++ b/2015/1xxx/CVE-2015-1096.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204870", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204870" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "https://support.apple.com/kb/HT204870", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204870" + }, + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1784.json b/2015/1xxx/CVE-2015-1784.json index 50c4972a2d1..7de115e73d4 100644 --- a/2015/1xxx/CVE-2015-1784.json +++ b/2015/1xxx/CVE-2015-1784.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1784", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1784", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4090.json b/2015/4xxx/CVE-2015-4090.json index ce4a7166e46..14e59b507e7 100644 --- a/2015/4xxx/CVE-2015-4090.json +++ b/2015/4xxx/CVE-2015-4090.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4090", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4090", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4306.json b/2015/4xxx/CVE-2015-4306.json index 9b924e9004d..8b79835aed6 100644 --- a/2015/4xxx/CVE-2015-4306.json +++ b/2015/4xxx/CVE-2015-4306.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150916 Multiple Vulnerabilities in Cisco Prime Collaboration Assurance", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca" - }, - { - "name" : "1033581", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150916 Multiple Vulnerabilities in Cisco Prime Collaboration Assurance", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca" + }, + { + "name": "1033581", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033581" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4327.json b/2015/4xxx/CVE-2015-4327.json index af39d315430..f1d4940d9ea 100644 --- a/2015/4xxx/CVE-2015-4327.json +++ b/2015/4xxx/CVE-2015-4327.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150818 Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40518" - }, - { - "name" : "76408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76408" - }, - { - "name" : "1033332", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76408" + }, + { + "name": "20150818 Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40518" + }, + { + "name": "1033332", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033332" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4554.json b/2015/4xxx/CVE-2015-4554.json index 2cf296e8a81..dcff532a807 100644 --- a/2015/4xxx/CVE-2015-4554.json +++ b/2015/4xxx/CVE-2015-4554.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire Web Player before 2.1.1 allow remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/assets/blt1fd126faba191a9f/2015-001-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/assets/blt1fd126faba191a9f/2015-001-advisory.txt" - }, - { - "name" : "http://www.tibco.com/mk/advisory.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/mk/advisory.jsp" - }, - { - "name" : "1033015", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire Web Player before 2.1.1 allow remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033015", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033015" + }, + { + "name": "http://www.tibco.com/mk/advisory.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/mk/advisory.jsp" + }, + { + "name": "http://www.tibco.com/assets/blt1fd126faba191a9f/2015-001-advisory.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/assets/blt1fd126faba191a9f/2015-001-advisory.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4564.json b/2015/4xxx/CVE-2015-4564.json index bc7cb327d45..d4ce3c271e3 100644 --- a/2015/4xxx/CVE-2015-4564.json +++ b/2015/4xxx/CVE-2015-4564.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4564", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4564", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5524.json b/2015/5xxx/CVE-2015-5524.json index 6bca357f6d9..6615472b8af 100644 --- a/2015/5xxx/CVE-2015-5524.json +++ b/2015/5xxx/CVE-2015-5524.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5524", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5524", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5646.json b/2015/5xxx/CVE-2015-5646.json index 8579ca328ac..1d579c1aaf9 100644 --- a/2015/5xxx/CVE-2015-5646.json +++ b/2015/5xxx/CVE-2015-5646.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN21025396/374951/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN21025396/374951/index.html" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/8809", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/8809" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/8811", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/8811" - }, - { - "name" : "JVN#21025396", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN21025396/index.html" - }, - { - "name" : "JVNDB-2015-000151", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.cybozu.com/ja-jp/article/8811", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/8811" + }, + { + "name": "JVNDB-2015-000151", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151" + }, + { + "name": "JVN#21025396", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN21025396/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN21025396/374951/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/8809", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/8809" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5775.json b/2015/5xxx/CVE-2015-5775.json index 878ea983948..a8b9a8dbd98 100644 --- a/2015/5xxx/CVE-2015-5775.json +++ b/2015/5xxx/CVE-2015-5775.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76343" - }, - { - "name" : "1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "76343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76343" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5895.json b/2015/5xxx/CVE-2015-5895.json index c51f22f3815..473cc146a08 100644 --- a/2015/5xxx/CVE-2015-5895.json +++ b/2015/5xxx/CVE-2015-5895.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2124.json b/2018/2xxx/CVE-2018-2124.json index 6173b709317..c1c47b4147a 100644 --- a/2018/2xxx/CVE-2018-2124.json +++ b/2018/2xxx/CVE-2018-2124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2124", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2124", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2414.json b/2018/2xxx/CVE-2018-2414.json index 1afc50a8b25..062c7e3fe51 100644 --- a/2018/2xxx/CVE-2018-2414.json +++ b/2018/2xxx/CVE-2018-2414.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2414", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2414", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3304.json b/2018/3xxx/CVE-2018-3304.json index b9ff198d51c..8bba5a60899 100644 --- a/2018/3xxx/CVE-2018-3304.json +++ b/2018/3xxx/CVE-2018-3304.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Testing Suite", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.5.0.3" - }, - { - "version_affected" : "=", - "version_value" : "13.1.0.1" - }, - { - "version_affected" : "=", - "version_value" : "13.2.0.1" - }, - { - "version_affected" : "=", - "version_value" : "13.3.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Testing Suite", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.5.0.3" + }, + { + "version_affected": "=", + "version_value": "13.1.0.1" + }, + { + "version_affected": "=", + "version_value": "13.2.0.1" + }, + { + "version_affected": "=", + "version_value": "13.3.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106615" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3571.json b/2018/3xxx/CVE-2018-3571.json index 1eacf2f700c..15ecbf07cc7 100644 --- a/2018/3xxx/CVE-2018-3571.json +++ b/2018/3xxx/CVE-2018-3571.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2018-3571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in Graphics" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2018-3571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in Graphics" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3574.json b/2018/3xxx/CVE-2018-3574.json index fccd29a77f2..ff87e1cfa71 100644 --- a/2018/3xxx/CVE-2018-3574.json +++ b/2018/3xxx/CVE-2018-3574.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-3574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in Kernel" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-3574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=3286b75d91519073d2f20bee85f22e294d5f1a18", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=3286b75d91519073d2f20bee85f22e294d5f1a18" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=09874396dfbf546e5a628d810fcf5ea51a4d5785", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=09874396dfbf546e5a628d810fcf5ea51a4d5785" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=53261410da625aaa2e070555aaa150a8533e5be4", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=53261410da625aaa2e070555aaa150a8533e5be4" - }, - { - "name" : "https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000049462", - "refsource" : "CONFIRM", - "url" : "https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000049462" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Kernel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000049462", + "refsource": "CONFIRM", + "url": "https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000049462" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=09874396dfbf546e5a628d810fcf5ea51a4d5785", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=09874396dfbf546e5a628d810fcf5ea51a4d5785" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=53261410da625aaa2e070555aaa150a8533e5be4", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=53261410da625aaa2e070555aaa150a8533e5be4" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=3286b75d91519073d2f20bee85f22e294d5f1a18", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=3286b75d91519073d2f20bee85f22e294d5f1a18" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3873.json b/2018/3xxx/CVE-2018-3873.json index 6904912926d..d0fd48b163f 100644 --- a/2018/3xxx/CVE-2018-3873.json +++ b/2018/3xxx/CVE-2018-3873.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartThings Hub STH-ETH-250", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long \"secretKey\" value in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartThings Hub STH-ETH-250", + "version": { + "version_data": [ + { + "version_value": "Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long \"secretKey\" value in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3876.json b/2018/3xxx/CVE-2018-3876.json index 0cbd7327fd1..012ca1d6863 100644 --- a/2018/3xxx/CVE-2018-3876.json +++ b/2018/3xxx/CVE-2018-3876.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartThings Hub STH-ETH-250", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long \"bucket\" value in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartThings Hub STH-ETH-250", + "version": { + "version_data": [ + { + "version_value": "Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long \"bucket\" value in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0555" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3901.json b/2018/3xxx/CVE-2018-3901.json index ce1ea592a42..57a840086a1 100644 --- a/2018/3xxx/CVE-2018-3901.json +++ b/2018/3xxx/CVE-2018-3901.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3901", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3901", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6220.json b/2018/6xxx/CVE-2018-6220.json index a3a5ebf32c3..9dd26ae9783 100644 --- a/2018/6xxx/CVE-2018-6220.json +++ b/2018/6xxx/CVE-2018-6220.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-6220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Email Encryption Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "5.5" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OTHER - Arbitrary File Write" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-6220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Email Encryption Gateway", + "version": { + "version_data": [ + { + "version_value": "5.5" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44166", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44166/" - }, - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1119349", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OTHER - Arbitrary File Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44166", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44166/" + }, + { + "name": "https://success.trendmicro.com/solution/1119349", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119349" + }, + { + "name": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6444.json b/2018/6xxx/CVE-2018-6444.json index ce1896b7631..d39716ff16c 100644 --- a/2018/6xxx/CVE-2018-6444.json +++ b/2018/6xxx/CVE-2018-6444.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "ID" : "CVE-2018-6444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Brocade Network Advisor", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 14.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Brocade Communications Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "ID": "CVE-2018-6444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brocade Network Advisor", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 14.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Brocade Communications Systems, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-744", - "refsource" : "CONFIRM", - "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-744", + "refsource": "CONFIRM", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-744" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6636.json b/2018/6xxx/CVE-2018-6636.json index 28a835b1ba1..cd83ed1841a 100644 --- a/2018/6xxx/CVE-2018-6636.json +++ b/2018/6xxx/CVE-2018-6636.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6636", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6636", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7103.json b/2018/7xxx/CVE-2018-7103.json index 21c1ed8934d..739cdd01a93 100644 --- a/2018/7xxx/CVE-2018-7103.json +++ b/2018/7xxx/CVE-2018-7103.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE Intelligent Management Center (iMC) Wireless Services Manager Software", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to IMC WSM 7.3 E0506P02" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE Intelligent Management Center (iMC) Wireless Services Manager Software", + "version": { + "version_data": [ + { + "version_value": "Prior to IMC WSM 7.3 E0506P02" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7231.json b/2018/7xxx/CVE-2018-7231.json index b3302436ab7..9862506ee6b 100644 --- a/2018/7xxx/CVE-2018-7231.json +++ b/2018/7xxx/CVE-2018-7231.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-03-01T00:00:00", - "ID" : "CVE-2018-7231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pelco Sarix Professional", - "version" : { - "version_data" : [ - { - "version_value" : "all firmware versions prior to 3.29.71" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Execution" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-03-01T00:00:00", + "ID": "CVE-2018-7231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pelco Sarix Professional", + "version": { + "version_data": [ + { + "version_value": "all firmware versions prior to 3.29.71" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7406.json b/2018/7xxx/CVE-2018-7406.json index 4a01f4eb05c..08da4597414 100644 --- a/2018/7xxx/CVE-2018-7406.json +++ b/2018/7xxx/CVE-2018-7406.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://srcincite.io/advisories/src-2018-0017/", - "refsource" : "MISC", - "url" : "https://srcincite.io/advisories/src-2018-0017/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "104300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "104300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104300" + }, + { + "name": "https://srcincite.io/advisories/src-2018-0017/", + "refsource": "MISC", + "url": "https://srcincite.io/advisories/src-2018-0017/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7414.json b/2018/7xxx/CVE-2018-7414.json index 0588f4f04a7..d84bf6555bb 100644 --- a/2018/7xxx/CVE-2018-7414.json +++ b/2018/7xxx/CVE-2018-7414.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7414", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7414", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7751.json b/2018/7xxx/CVE-2018-7751.json index be9619d969b..0e2c67cd7a8 100644 --- a/2018/7xxx/CVE-2018-7751.json +++ b/2018/7xxx/CVE-2018-7751.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f", - "refsource" : "CONFIRM", - "url" : "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f" - }, - { - "name" : "103956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103956" + }, + { + "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f", + "refsource": "CONFIRM", + "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f" + } + ] + } +} \ No newline at end of file