From 0e7b91d5805b10a0abfc238df255207a714555c7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:05:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0154.json | 170 +++++++++--------- 2002/2xxx/CVE-2002-2043.json | 140 +++++++-------- 2002/2xxx/CVE-2002-2135.json | 34 ++-- 2005/0xxx/CVE-2005-0024.json | 34 ++-- 2005/0xxx/CVE-2005-0140.json | 150 ++++++++-------- 2005/0xxx/CVE-2005-0246.json | 200 ++++++++++----------- 2005/0xxx/CVE-2005-0808.json | 160 ++++++++--------- 2005/0xxx/CVE-2005-0902.json | 140 +++++++-------- 2005/1xxx/CVE-2005-1119.json | 120 ++++++------- 2005/4xxx/CVE-2005-4163.json | 120 ++++++------- 2005/4xxx/CVE-2005-4210.json | 170 +++++++++--------- 2005/4xxx/CVE-2005-4541.json | 34 ++-- 2005/4xxx/CVE-2005-4703.json | 160 ++++++++--------- 2005/4xxx/CVE-2005-4710.json | 150 ++++++++-------- 2009/0xxx/CVE-2009-0050.json | 140 +++++++-------- 2009/0xxx/CVE-2009-0169.json | 170 +++++++++--------- 2009/1xxx/CVE-2009-1147.json | 180 +++++++++---------- 2009/1xxx/CVE-2009-1713.json | 220 +++++++++++------------ 2009/1xxx/CVE-2009-1811.json | 150 ++++++++-------- 2009/4xxx/CVE-2009-4148.json | 140 +++++++-------- 2009/4xxx/CVE-2009-4540.json | 140 +++++++-------- 2009/4xxx/CVE-2009-4578.json | 150 ++++++++-------- 2009/4xxx/CVE-2009-4687.json | 130 +++++++------- 2009/4xxx/CVE-2009-4818.json | 140 +++++++-------- 2009/5xxx/CVE-2009-5079.json | 170 +++++++++--------- 2012/2xxx/CVE-2012-2178.json | 34 ++-- 2012/2xxx/CVE-2012-2231.json | 34 ++-- 2012/2xxx/CVE-2012-2651.json | 34 ++-- 2012/2xxx/CVE-2012-2723.json | 190 ++++++++++---------- 2012/3xxx/CVE-2012-3170.json | 130 +++++++------- 2012/3xxx/CVE-2012-3320.json | 34 ++-- 2012/3xxx/CVE-2012-3393.json | 160 ++++++++--------- 2012/3xxx/CVE-2012-3554.json | 140 +++++++-------- 2012/6xxx/CVE-2012-6390.json | 34 ++-- 2015/1xxx/CVE-2015-1302.json | 210 +++++++++++----------- 2015/5xxx/CVE-2015-5144.json | 210 +++++++++++----------- 2015/5xxx/CVE-2015-5202.json | 120 ++++++------- 2015/5xxx/CVE-2015-5212.json | 220 +++++++++++------------ 2015/5xxx/CVE-2015-5223.json | 200 ++++++++++----------- 2015/5xxx/CVE-2015-5340.json | 130 +++++++------- 2015/5xxx/CVE-2015-5617.json | 34 ++-- 2017/2xxx/CVE-2017-2698.json | 132 +++++++------- 2018/11xxx/CVE-2018-11235.json | 210 +++++++++++----------- 2018/11xxx/CVE-2018-11527.json | 120 ++++++------- 2018/11xxx/CVE-2018-11802.json | 34 ++-- 2018/11xxx/CVE-2018-11870.json | 120 ++++++------- 2018/11xxx/CVE-2018-11884.json | 120 ++++++------- 2018/11xxx/CVE-2018-11953.json | 34 ++-- 2018/15xxx/CVE-2018-15849.json | 120 ++++++------- 2018/15xxx/CVE-2018-15884.json | 130 +++++++------- 2018/15xxx/CVE-2018-15897.json | 120 ++++++------- 2018/15xxx/CVE-2018-15971.json | 130 +++++++------- 2018/15xxx/CVE-2018-15986.json | 130 +++++++------- 2018/3xxx/CVE-2018-3264.json | 142 +++++++-------- 2018/3xxx/CVE-2018-3807.json | 34 ++-- 2018/8xxx/CVE-2018-8403.json | 318 ++++++++++++++++----------------- 2018/8xxx/CVE-2018-8705.json | 34 ++-- 2018/8xxx/CVE-2018-8998.json | 120 ++++++------- 58 files changed, 3737 insertions(+), 3737 deletions(-) diff --git a/2002/0xxx/CVE-2002-0154.json b/2002/0xxx/CVE-2002-0154.json index 4da9f0e5870..bdcda3cffb6 100644 --- a/2002/0xxx/CVE-2002-0154.json +++ b/2002/0xxx/CVE-2002-0154.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020305 Another Sql Server 7 Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101535353331625&w=2" - }, - { - "name" : "20020312 Many, many, many Sql Server 7 & 2000 Buffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/261775" - }, - { - "name" : "MS02-020", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-020" - }, - { - "name" : "CA-2002-22", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-22.html" - }, - { - "name" : "VU#627275", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/627275" - }, - { - "name" : "oval:org.mitre.oval:def:121", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#627275", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/627275" + }, + { + "name": "CA-2002-22", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-22.html" + }, + { + "name": "oval:org.mitre.oval:def:121", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A121" + }, + { + "name": "20020305 Another Sql Server 7 Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101535353331625&w=2" + }, + { + "name": "20020312 Many, many, many Sql Server 7 & 2000 Buffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/261775" + }, + { + "name": "MS02-020", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-020" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2043.json b/2002/2xxx/CVE-2002-2043.json index 172c5d78033..9f9abb782b4 100644 --- a/2002/2xxx/CVE-2002-2043.json +++ b/2002/2xxx/CVE-2002-2043.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020402 SASL (v1/v2) MYSQL/LDAP authentication patch.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html" - }, - { - "name" : "4409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4409" - }, - { - "name" : "cyrus-sasl-patch-pop-access(8748)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8748.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4409" + }, + { + "name": "cyrus-sasl-patch-pop-access(8748)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8748.php" + }, + { + "name": "20020402 SASL (v1/v2) MYSQL/LDAP authentication patch.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2135.json b/2002/2xxx/CVE-2002-2135.json index d4816bb4262..00db4fa521e 100644 --- a/2002/2xxx/CVE-2002-2135.json +++ b/2002/2xxx/CVE-2002-2135.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2135", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1618. Reason: This candidate is a duplicate of CVE-2002-1618. Notes: All CVE users should reference CVE-2002-1618 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-2135", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1618. Reason: This candidate is a duplicate of CVE-2002-1618. Notes: All CVE users should reference CVE-2002-1618 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0024.json b/2005/0xxx/CVE-2005-0024.json index 9b16c655b4e..bdca72fcb02 100644 --- a/2005/0xxx/CVE-2005-0024.json +++ b/2005/0xxx/CVE-2005-0024.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0024", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0024", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0140.json b/2005/0xxx/CVE-2005-0140.json index 5a53bd88cf1..513bbccda3a 100644 --- a/2005/0xxx/CVE-2005-0140.json +++ b/2005/0xxx/CVE-2005-0140.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050124 DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=189&type=vulnerabilities" - }, - { - "name" : "12355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12355" - }, - { - "name" : "13984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13984" - }, - { - "name" : "database-ida-portable-executable-bo(19042)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "database-ida-portable-executable-bo(19042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19042" + }, + { + "name": "12355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12355" + }, + { + "name": "20050124 DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=189&type=vulnerabilities" + }, + { + "name": "13984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13984" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0246.json b/2005/0xxx/CVE-2005-0246.json index 58d3e34307c..8bb3d70299a 100644 --- a/2005/0xxx/CVE-2005-0246.json +++ b/2005/0xxx/CVE-2005-0246.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[pgsql-committers] 20050127 pgsql: Fix security and 64-bit issues in contrib/intagg.", - "refsource" : "MLIST", - "url" : "http://archives.postgresql.org/pgsql-committers/2005-01/msg00401.php" - }, - { - "name" : "MDKSA-2005:040", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:040" - }, - { - "name" : "RHSA-2005:138", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-138.html" - }, - { - "name" : "20050210 [USN-79-1] PostgreSQL vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110806034116082&w=2" - }, - { - "name" : "SUSE-SA:2005:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" - }, - { - "name" : "12417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12417" - }, - { - "name" : "oval:org.mitre.oval:def:10148", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10148" - }, - { - "name" : "12948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12948" - }, - { - "name" : "postgresql-contribintagg-dos(19185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[pgsql-committers] 20050127 pgsql: Fix security and 64-bit issues in contrib/intagg.", + "refsource": "MLIST", + "url": "http://archives.postgresql.org/pgsql-committers/2005-01/msg00401.php" + }, + { + "name": "MDKSA-2005:040", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:040" + }, + { + "name": "20050210 [USN-79-1] PostgreSQL vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110806034116082&w=2" + }, + { + "name": "postgresql-contribintagg-dos(19185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19185" + }, + { + "name": "RHSA-2005:138", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-138.html" + }, + { + "name": "12948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12948" + }, + { + "name": "oval:org.mitre.oval:def:10148", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10148" + }, + { + "name": "12417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12417" + }, + { + "name": "SUSE-SA:2005:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0808.json b/2005/0xxx/CVE-2005-0808.json index 2f9d82e3c7f..50f438168c3 100644 --- a/2005/0xxx/CVE-2005-0808.json +++ b/2005/0xxx/CVE-2005-0808.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/JGEI-6A2LEF", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JGEI-6A2LEF" - }, - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-006_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-006_e/index-e.html" - }, - { - "name" : "VU#204710", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/204710" - }, - { - "name" : "12795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12795" - }, - { - "name" : "tomcat-manager-ajp12-dos(19681)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12795" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS05-006_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-006_e/index-e.html" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JGEI-6A2LEF", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JGEI-6A2LEF" + }, + { + "name": "VU#204710", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/204710" + }, + { + "name": "tomcat-manager-ajp12-dos(19681)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19681" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0902.json b/2005/0xxx/CVE-2005-0902.json index 497cf2dbe72..b5795346a2d 100644 --- a/2005/0xxx/CVE-2005-0902.json +++ b/2005/0xxx/CVE-2005-0902.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050325 ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111186145609320&w=2" - }, - { - "name" : "http://zone-h.org/advisories/read/id=7356", - "refsource" : "MISC", - "url" : "http://zone-h.org/advisories/read/id=7356" - }, - { - "name" : "http://nukebookmarks.sourceforge.net/", - "refsource" : "CONFIRM", - "url" : "http://nukebookmarks.sourceforge.net/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nukebookmarks.sourceforge.net/", + "refsource": "CONFIRM", + "url": "http://nukebookmarks.sourceforge.net/" + }, + { + "name": "http://zone-h.org/advisories/read/id=7356", + "refsource": "MISC", + "url": "http://zone-h.org/advisories/read/id=7356" + }, + { + "name": "20050325 ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111186145609320&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1119.json b/2005/1xxx/CVE-2005-1119.json index 5c7f673cb03..aad04243dd5 100644 --- a/2005/1xxx/CVE-2005-1119.json +++ b/2005/1xxx/CVE-2005-1119.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13171" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4163.json b/2005/4xxx/CVE-2005-4163.json index 41989942438..5c2574aecc8 100644 --- a/2005/4xxx/CVE-2005-4163.json +++ b/2005/4xxx/CVE-2005-4163.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read arbitrary files via the _tcf parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/captchaphp/?branch_id=57290&release_id=206985", - "refsource" : "MISC", - "url" : "http://freshmeat.net/projects/captchaphp/?branch_id=57290&release_id=206985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read arbitrary files via the _tcf parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://freshmeat.net/projects/captchaphp/?branch_id=57290&release_id=206985", + "refsource": "MISC", + "url": "http://freshmeat.net/projects/captchaphp/?branch_id=57290&release_id=206985" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4210.json b/2005/4xxx/CVE-2005-4210.json index 169710b82ce..115a6930655 100644 --- a/2005/4xxx/CVE-2005-4210.json +++ b/2005/4xxx/CVE-2005-4210.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/support/search/supsearch.dml?index=821", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/supsearch.dml?index=821" - }, - { - "name" : "15813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15813" - }, - { - "name" : "ADV-2005-2846", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2846" - }, - { - "name" : "21641", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21641" - }, - { - "name" : "17963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17963" - }, - { - "name" : "opera-bookmark-title-dos(23549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2846", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2846" + }, + { + "name": "21641", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21641" + }, + { + "name": "17963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17963" + }, + { + "name": "http://www.opera.com/support/search/supsearch.dml?index=821", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/supsearch.dml?index=821" + }, + { + "name": "15813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15813" + }, + { + "name": "opera-bookmark-title-dos(23549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23549" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4541.json b/2005/4xxx/CVE-2005-4541.json index 35b17be8b0f..826e92658d3 100644 --- a/2005/4xxx/CVE-2005-4541.json +++ b/2005/4xxx/CVE-2005-4541.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4541", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4541", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4703.json b/2005/4xxx/CVE-2005-4703.json index 9528ef7f5cc..bb098c3eddf 100644 --- a/2005/4xxx/CVE-2005-4703.json +++ b/2005/4xxx/CVE-2005-4703.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/20/20033-tomcat-dos-path_disclosure.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/20/20033-tomcat-dos-path_disclosure.txt" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "28484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28484" - }, - { - "name" : "20033", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20033" - }, - { - "name" : "tomcat-msdos-path-disclosure(42914)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "20033", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20033" + }, + { + "name": "tomcat-msdos-path-disclosure(42914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42914" + }, + { + "name": "28484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28484" + }, + { + "name": "http://osvdb.org/ref/20/20033-tomcat-dos-path_disclosure.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/20/20033-tomcat-dos-path_disclosure.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4710.json b/2005/4xxx/CVE-2005-4710.json index a60c8383d95..baed551bd92 100644 --- a/2005/4xxx/CVE-2005-4710.json +++ b/2005/4xxx/CVE-2005-4710.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user's computer,\" aka ID DL5549329." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232", - "refsource" : "CONFIRM", - "url" : "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232" - }, - { - "name" : "16472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16472" - }, - { - "name" : "18682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18682" - }, - { - "name" : "autodesk-gain-privileges(24460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user's computer,\" aka ID DL5549329." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232", + "refsource": "CONFIRM", + "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232" + }, + { + "name": "18682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18682" + }, + { + "name": "autodesk-gain-privileges(24460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460" + }, + { + "name": "16472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16472" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0050.json b/2009/0xxx/CVE-2009-0050.json index 73d047020bb..c774956fb58 100644 --- a/2009/0xxx/CVE-2009-0050.json +++ b/2009/0xxx/CVE-2009-0050.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499827/100/0/threaded" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2008-016.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2008-016.html" - }, - { - "name" : "openssl-dsa-verify-security-bypass(47837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openssl-dsa-verify-security-bypass(47837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47837" + }, + { + "name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2008-016.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2008-016.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0169.json b/2009/0xxx/CVE-2009-0169.json index 2291afdf700..571bd0d226d 100644 --- a/2009/0xxx/CVE-2009-0169.json +++ b/2009/0xxx/CVE-2009-0169.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1" - }, - { - "name" : "249106", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1" - }, - { - "name" : "33266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33266" - }, - { - "name" : "ADV-2009-0157", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0157" - }, - { - "name" : "1021604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021604" - }, - { - "name" : "sun-jsam-subrealm-privilege-escalation(47944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021604" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1" + }, + { + "name": "ADV-2009-0157", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0157" + }, + { + "name": "249106", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1" + }, + { + "name": "33266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33266" + }, + { + "name": "sun-jsam-subrealm-privilege-escalation(47944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1147.json b/2009/1xxx/CVE-2009-1147.json index ea13e3870c2..c7cbe6da1d3 100644 --- a/2009/1xxx/CVE-2009-1147.json +++ b/2009/1xxx/CVE-2009-1147.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2009/Apr/0036.html" - }, - { - "name" : "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2009/000054.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0005.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0005.html" - }, - { - "name" : "34373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34373" - }, - { - "name" : "oval:org.mitre.oval:def:5471", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471" - }, - { - "name" : "1021976", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021976" - }, - { - "name" : "ADV-2009-0944", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5471", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471" + }, + { + "name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html" + }, + { + "name": "34373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34373" + }, + { + "name": "ADV-2009-0944", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0944" + }, + { + "name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html" + }, + { + "name": "1021976", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021976" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1713.json b/2009/1xxx/CVE-2009-1713.json index d7a6ee31c2c..63033709700 100644 --- a/2009/1xxx/CVE-2009-1713.json +++ b/2009/1xxx/CVE-2009-1713.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-857-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-857-1" - }, - { - "name" : "35260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35260" - }, - { - "name" : "54975", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54975" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "safari-document-information-disclosure(51267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "safari-document-information-disclosure(51267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51267" + }, + { + "name": "35260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35260" + }, + { + "name": "54975", + "refsource": "OSVDB", + "url": "http://osvdb.org/54975" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "USN-857-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-857-1" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1811.json b/2009/1xxx/CVE-2009-1811.json index 0bc9040e59a..e23e9eb5c88 100644 --- a/2009/1xxx/CVE-2009-1811.json +++ b/2009/1xxx/CVE-2009-1811.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8708", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8708" - }, - { - "name" : "34998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34998" - }, - { - "name" : "35136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35136" - }, - { - "name" : "ADV-2009-1345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35136" + }, + { + "name": "ADV-2009-1345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1345" + }, + { + "name": "8708", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8708" + }, + { + "name": "34998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34998" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4148.json b/2009/4xxx/CVE-2009-4148.json index 87196febbbb..07420beec16 100644 --- a/2009/4xxx/CVE-2009-4148.json +++ b/2009/4xxx/CVE-2009-4148.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a \"script injection vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091203 CORE-2009-0911: DAZ Studio Arbitrary Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508192/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/content/dazstudio-scripting-injection", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/dazstudio-scripting-injection" - }, - { - "name" : "37176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a \"script injection vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37176" + }, + { + "name": "http://www.coresecurity.com/content/dazstudio-scripting-injection", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/dazstudio-scripting-injection" + }, + { + "name": "20091203 CORE-2009-0911: DAZ Studio Arbitrary Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508192/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4540.json b/2009/4xxx/CVE-2009-4540.json index 3b80f315453..26e81bc46d5 100644 --- a/2009/4xxx/CVE-2009-4540.json +++ b/2009/4xxx/CVE-2009-4540.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9406", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9406" - }, - { - "name" : "36011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36011" - }, - { - "name" : "minicms-page-sql-injection(52369)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9406", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9406" + }, + { + "name": "minicms-page-sql-injection(52369)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52369" + }, + { + "name": "36011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36011" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4578.json b/2009/4xxx/CVE-2009-4578.json index 8965c9ce2b2..4af17b93268 100644 --- a/2009/4xxx/CVE-2009-4578.json +++ b/2009/4xxx/CVE-2009-4578.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/joomlafacileforms-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/joomlafacileforms-xss.txt" - }, - { - "name" : "10737", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10737" - }, - { - "name" : "37477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37477" - }, - { - "name" : "facileforms-itemid-xss(55133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10737", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10737" + }, + { + "name": "facileforms-itemid-xss(55133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55133" + }, + { + "name": "37477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37477" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/joomlafacileforms-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/joomlafacileforms-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4687.json b/2009/4xxx/CVE-2009-4687.json index f34d3eabc9b..49de733c030 100644 --- a/2009/4xxx/CVE-2009-4687.json +++ b/2009/4xxx/CVE-2009-4687.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9202", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9202" - }, - { - "name" : "silentum-silentumguestbook-sql-injection(51845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9202", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9202" + }, + { + "name": "silentum-silentumguestbook-sql-injection(51845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51845" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4818.json b/2009/4xxx/CVE-2009-4818.json index fd849cb1587..6da83118de3 100644 --- a/2009/4xxx/CVE-2009-4818.json +++ b/2009/4xxx/CVE-2009-4818.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10568", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10568" - }, - { - "name" : "37424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37424" - }, - { - "name" : "simplicity-upload-file-upload(54952)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simplicity-upload-file-upload(54952)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54952" + }, + { + "name": "37424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37424" + }, + { + "name": "10568", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10568" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5079.json b/2009/5xxx/CVE-2009-5079.json index 13f3f9c4665..ce48211fafd 100644 --- a/2009/5xxx/CVE-2009-5079.json +++ b/2009/5xxx/CVE-2009-5079.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/08/14/4" - }, - { - "name" : "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/08/14/5" - }, - { - "name" : "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff" - }, - { - "name" : "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h" - }, - { - "name" : "MDVSA-2013:085", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085" - }, - { - "name" : "MDVSA-2013:086", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/08/14/4" + }, + { + "name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/08/14/5" + }, + { + "name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h", + "refsource": "CONFIRM", + "url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h" + }, + { + "name": "MDVSA-2013:085", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085" + }, + { + "name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff", + "refsource": "CONFIRM", + "url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff" + }, + { + "name": "MDVSA-2013:086", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2178.json b/2012/2xxx/CVE-2012-2178.json index e45683fdb04..fe0a85d1116 100644 --- a/2012/2xxx/CVE-2012-2178.json +++ b/2012/2xxx/CVE-2012-2178.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2178", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2178", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2231.json b/2012/2xxx/CVE-2012-2231.json index 364247679de..a0fe4ab423b 100644 --- a/2012/2xxx/CVE-2012-2231.json +++ b/2012/2xxx/CVE-2012-2231.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2231", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2231", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2651.json b/2012/2xxx/CVE-2012-2651.json index d828cac83e5..f1def9630db 100644 --- a/2012/2xxx/CVE-2012-2651.json +++ b/2012/2xxx/CVE-2012-2651.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2651", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2651", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2723.json b/2012/2xxx/CVE-2012-2723.json index 1a93ba4e8fd..db92da7fd54 100644 --- a/2012/2xxx/CVE-2012-2723.json +++ b/2012/2xxx/CVE-2012-2723.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1619830", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1619830" - }, - { - "name" : "http://drupal.org/node/1617952", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1617952" - }, - { - "name" : "http://drupalcode.org/project/maestro.git/commitdiff/c499971", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/maestro.git/commitdiff/c499971" - }, - { - "name" : "53836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53836" - }, - { - "name" : "82713", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82713" - }, - { - "name" : "49393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49393" - }, - { - "name" : "maestro-unspecified-xss(76145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53836" + }, + { + "name": "maestro-unspecified-xss(76145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76145" + }, + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "http://drupalcode.org/project/maestro.git/commitdiff/c499971", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/maestro.git/commitdiff/c499971" + }, + { + "name": "49393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49393" + }, + { + "name": "http://drupal.org/node/1617952", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1617952" + }, + { + "name": "http://drupal.org/node/1619830", + "refsource": "MISC", + "url": "http://drupal.org/node/1619830" + }, + { + "name": "82713", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82713" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3170.json b/2012/3xxx/CVE-2012-3170.json index 4fd715728fe..71d9580bc9f 100644 --- a/2012/3xxx/CVE-2012-3170.json +++ b/2012/3xxx/CVE-2012-3170.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3169." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3169." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3320.json b/2012/3xxx/CVE-2012-3320.json index 05419d0826f..e9c44a7ebdf 100644 --- a/2012/3xxx/CVE-2012-3320.json +++ b/2012/3xxx/CVE-2012-3320.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3320", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3320", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3393.json b/2012/3xxx/CVE-2012-3393.json index 2a5f3c81c03..b8c53add143 100644 --- a/2012/3xxx/CVE-2012-3393.json +++ b/2012/3xxx/CVE-2012-3393.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120717 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/07/17/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808" - }, - { - "name" : "54481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54481" - }, - { - "name" : "49890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49890" - }, - { - "name" : "moodle-repositories-sec-bypass(76959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808" + }, + { + "name": "49890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49890" + }, + { + "name": "[oss-security] 20120717 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/07/17/1" + }, + { + "name": "54481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54481" + }, + { + "name": "moodle-repositories-sec-bypass(76959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76959" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3554.json b/2012/3xxx/CVE-2012-3554.json index 224d07f67a9..2ab81b0968e 100644 --- a/2012/3xxx/CVE-2012-3554.json +++ b/2012/3xxx/CVE-2012-3554.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142", - "refsource" : "CONFIRM", - "url" : "http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142" - }, - { - "name" : "http://joomlacode.org/gf/project/rsgallery2/news/", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/project/rsgallery2/news/" - }, - { - "name" : "http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html", - "refsource" : "CONFIRM", - "url" : "http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html", + "refsource": "CONFIRM", + "url": "http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html" + }, + { + "name": "http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142", + "refsource": "CONFIRM", + "url": "http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142" + }, + { + "name": "http://joomlacode.org/gf/project/rsgallery2/news/", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/project/rsgallery2/news/" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6390.json b/2012/6xxx/CVE-2012-6390.json index 79ad6a0b986..47821f4b2c1 100644 --- a/2012/6xxx/CVE-2012-6390.json +++ b/2012/6xxx/CVE-2012-6390.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1302.json b/2015/1xxx/CVE-2015-1302.json index e9137a116fa..124b45f23a1 100644 --- a/2015/1xxx/CVE-2015-1302.json +++ b/2015/1xxx/CVE-2015-1302.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=520422", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=520422" - }, - { - "name" : "https://codereview.chromium.org/1316803003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1316803003" - }, - { - "name" : "DSA-3415", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3415" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1841", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1841.html" - }, - { - "name" : "openSUSE-SU-2015:2068", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00120.html" - }, - { - "name" : "openSUSE-SU-2015:2069", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00121.html" - }, - { - "name" : "77537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77537" - }, - { - "name" : "1034132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2069", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00121.html" + }, + { + "name": "RHSA-2015:1841", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1841.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=520422", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=520422" + }, + { + "name": "openSUSE-SU-2015:2068", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00120.html" + }, + { + "name": "https://codereview.chromium.org/1316803003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1316803003" + }, + { + "name": "1034132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034132" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html" + }, + { + "name": "DSA-3415", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3415" + }, + { + "name": "77537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77537" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5144.json b/2015/5xxx/CVE-2015-5144.json index 33d76fd04e4..7077ad0f94d 100644 --- a/2015/5xxx/CVE-2015-5144.json +++ b/2015/5xxx/CVE-2015-5144.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3305", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3305" - }, - { - "name" : "FEDORA-2015-1dd5bc998f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" - }, - { - "name" : "GLSA-201510-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-06" - }, - { - "name" : "openSUSE-SU-2015:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html" - }, - { - "name" : "openSUSE-SU-2015:1813", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html" - }, - { - "name" : "USN-2671-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2671-1" - }, - { - "name" : "75665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75665" - }, - { - "name" : "1032820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-1dd5bc998f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" + }, + { + "name": "GLSA-201510-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-06" + }, + { + "name": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/" + }, + { + "name": "openSUSE-SU-2015:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html" + }, + { + "name": "openSUSE-SU-2015:1813", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html" + }, + { + "name": "DSA-3305", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3305" + }, + { + "name": "75665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75665" + }, + { + "name": "USN-2671-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2671-1" + }, + { + "name": "1032820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032820" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5202.json b/2015/5xxx/CVE-2015-5202.json index 6aa9d9fb0a5..b91a9fd36f8 100644 --- a/2015/5xxx/CVE-2015-5202.json +++ b/2015/5xxx/CVE-2015-5202.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Satellite 6 allows remote authenticated users with privileged access on a content host to authenticate to the capsule broker or server broker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1253884", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1253884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Satellite 6 allows remote authenticated users with privileged access on a content host to authenticate to the capsule broker or server broker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1253884", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253884" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5212.json b/2015/5xxx/CVE-2015-5212.json index 79c365ab412..30fed40792c 100644 --- a/2015/5xxx/CVE-2015-5212.json +++ b/2015/5xxx/CVE-2015-5212.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting \"Load printer settings with the document\" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/", - "refsource" : "CONFIRM", - "url" : "http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/" - }, - { - "name" : "http://www.openoffice.org/security/cves/CVE-2015-5212.html", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/security/cves/CVE-2015-5212.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3394", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3394" - }, - { - "name" : "GLSA-201603-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-05" - }, - { - "name" : "GLSA-201611-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-03" - }, - { - "name" : "RHSA-2015:2619", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2619.html" - }, - { - "name" : "USN-2793-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2793-1" - }, - { - "name" : "77486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77486" - }, - { - "name" : "1034085", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034085" - }, - { - "name" : "1034091", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting \"Load printer settings with the document\" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034085", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034085" + }, + { + "name": "http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/", + "refsource": "CONFIRM", + "url": "http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/" + }, + { + "name": "GLSA-201611-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-03" + }, + { + "name": "1034091", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034091" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "RHSA-2015:2619", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2619.html" + }, + { + "name": "USN-2793-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2793-1" + }, + { + "name": "77486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77486" + }, + { + "name": "http://www.openoffice.org/security/cves/CVE-2015-5212.html", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/security/cves/CVE-2015-5212.html" + }, + { + "name": "GLSA-201603-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-05" + }, + { + "name": "DSA-3394", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3394" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5223.json b/2015/5xxx/CVE-2015-5223.json index e5173ef6613..c499a2e4782 100644 --- a/2015/5xxx/CVE-2015-5223.json +++ b/2015/5xxx/CVE-2015-5223.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150826 Subject: [OSSA 2015-016] Information leak via Swift tempurls (CVE-2015-5223)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/26/5" - }, - { - "name" : "https://bugs.launchpad.net/swift/+bug/1449212", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/swift/+bug/1449212" - }, - { - "name" : "https://bugs.launchpad.net/swift/+bug/1453948", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/swift/+bug/1453948" - }, - { - "name" : "https://security.openstack.org/ossa/OSSA-2015-016.html", - "refsource" : "CONFIRM", - "url" : "https://security.openstack.org/ossa/OSSA-2015-016.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "RHSA-2015:1895", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1895.html" - }, - { - "name" : "RHSA-2016:0329", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0329.html" - }, - { - "name" : "SUSE-SU-2015:1846", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" - }, - { - "name" : "84827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0329", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html" + }, + { + "name": "SUSE-SU-2015:1846", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" + }, + { + "name": "https://security.openstack.org/ossa/OSSA-2015-016.html", + "refsource": "CONFIRM", + "url": "https://security.openstack.org/ossa/OSSA-2015-016.html" + }, + { + "name": "RHSA-2015:1895", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1895.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "84827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84827" + }, + { + "name": "https://bugs.launchpad.net/swift/+bug/1449212", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/swift/+bug/1449212" + }, + { + "name": "[oss-security] 20150826 Subject: [OSSA 2015-016] Information leak via Swift tempurls (CVE-2015-5223)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/26/5" + }, + { + "name": "https://bugs.launchpad.net/swift/+bug/1453948", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/swift/+bug/1453948" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5340.json b/2015/5xxx/CVE-2015-5340.json index de25d06439c..19057e14e3e 100644 --- a/2015/5xxx/CVE-2015-5340.json +++ b/2015/5xxx/CVE-2015-5340.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51684", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51684" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=323235", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=323235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51684", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51684" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=323235", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=323235" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5617.json b/2015/5xxx/CVE-2015-5617.json index 85a52e08641..720489be25c 100644 --- a/2015/5xxx/CVE-2015-5617.json +++ b/2015/5xxx/CVE-2015-5617.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5617", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5617", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2698.json b/2017/2xxx/CVE-2017-2698.json index 523c73deafd..914c4e09d1e 100644 --- a/2017/2xxx/CVE-2017-2698.json +++ b/2017/2xxx/CVE-2017-2698.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "P8", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier than GRA-UL00C00B197" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P8", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than GRA-UL00C00B197" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-04-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-04-smartphone-en" - }, - { - "name" : "95664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95664" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-04-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-04-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11235.json b/2018/11xxx/CVE-2018-11235.json index 1b01c0731b4..67617992741 100644 --- a/2018/11xxx/CVE-2018-11235.json +++ b/2018/11xxx/CVE-2018-11235.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44822", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44822/" - }, - { - "name" : "https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/", - "refsource" : "MISC", - "url" : "https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/" - }, - { - "name" : "https://marc.info/?l=git&m=152761328506724&w=2", - "refsource" : "MISC", - "url" : "https://marc.info/?l=git&m=152761328506724&w=2" - }, - { - "name" : "DSA-4212", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4212" - }, - { - "name" : "GLSA-201805-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-13" - }, - { - "name" : "RHSA-2018:1957", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1957" - }, - { - "name" : "RHSA-2018:2147", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2147" - }, - { - "name" : "USN-3671-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3671-1/" - }, - { - "name" : "104345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104345" - }, - { - "name" : "1040991", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44822", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44822/" + }, + { + "name": "RHSA-2018:2147", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2147" + }, + { + "name": "USN-3671-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3671-1/" + }, + { + "name": "https://marc.info/?l=git&m=152761328506724&w=2", + "refsource": "MISC", + "url": "https://marc.info/?l=git&m=152761328506724&w=2" + }, + { + "name": "1040991", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040991" + }, + { + "name": "RHSA-2018:1957", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1957" + }, + { + "name": "GLSA-201805-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-13" + }, + { + "name": "104345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104345" + }, + { + "name": "https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/", + "refsource": "MISC", + "url": "https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/" + }, + { + "name": "DSA-4212", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4212" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11527.json b/2018/11xxx/CVE-2018-11527.json index ce2cf93a15e..7fd4717a171 100644 --- a/2018/11xxx/CVE-2018-11527.json +++ b/2018/11xxx/CVE-2018-11527.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fanyibo2009/cscms/blob/master/v4.1%20csrf", - "refsource" : "MISC", - "url" : "https://github.com/fanyibo2009/cscms/blob/master/v4.1%20csrf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fanyibo2009/cscms/blob/master/v4.1%20csrf", + "refsource": "MISC", + "url": "https://github.com/fanyibo2009/cscms/blob/master/v4.1%20csrf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11802.json b/2018/11xxx/CVE-2018-11802.json index 8f440703844..9fa6dbe5873 100644 --- a/2018/11xxx/CVE-2018-11802.json +++ b/2018/11xxx/CVE-2018-11802.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11802", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11802", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11870.json b/2018/11xxx/CVE-2018-11870.json index 792cbbf4a9f..b360a74ea27 100644 --- a/2018/11xxx/CVE-2018-11870.json +++ b/2018/11xxx/CVE-2018-11870.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11884.json b/2018/11xxx/CVE-2018-11884.json index e12ae40e147..17487efe725 100644 --- a/2018/11xxx/CVE-2018-11884.json +++ b/2018/11xxx/CVE-2018-11884.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 835, SD 845, SD 850, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11953.json b/2018/11xxx/CVE-2018-11953.json index 722d1967a7d..0c8ce63ae18 100644 --- a/2018/11xxx/CVE-2018-11953.json +++ b/2018/11xxx/CVE-2018-11953.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11953", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11953", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15849.json b/2018/15xxx/CVE-2018-15849.json index 720612faae6..f6744f3bd25 100644 --- a/2018/15xxx/CVE-2018-15849.json +++ b/2018/15xxx/CVE-2018-15849.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Westbrookadmin/portfolioCMS/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/Westbrookadmin/portfolioCMS/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Westbrookadmin/portfolioCMS/issues/1", + "refsource": "MISC", + "url": "https://github.com/Westbrookadmin/portfolioCMS/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15884.json b/2018/15xxx/CVE-2018-15884.json index d8bc1917df4..5e9177fdf52 100644 --- a/2018/15xxx/CVE-2018-15884.json +++ b/2018/15xxx/CVE-2018-15884.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45264", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45264/" - }, - { - "name" : "http://packetstormsecurity.com/files/149082/RICOH-MP-C4504ex-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149082/RICOH-MP-C4504ex-Cross-Site-Request-Forgery.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149082/RICOH-MP-C4504ex-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149082/RICOH-MP-C4504ex-Cross-Site-Request-Forgery.html" + }, + { + "name": "45264", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45264/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15897.json b/2018/15xxx/CVE-2018-15897.json index 6860f56f039..68b4e4fe30f 100644 --- a/2018/15xxx/CVE-2018-15897.json +++ b/2018/15xxx/CVE-2018-15897.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gkaim.com/cve-2018-15897-vikas-chaudhary/", - "refsource" : "MISC", - "url" : "https://gkaim.com/cve-2018-15897-vikas-chaudhary/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gkaim.com/cve-2018-15897-vikas-chaudhary/", + "refsource": "MISC", + "url": "https://gkaim.com/cve-2018-15897-vikas-chaudhary/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15971.json b/2018/15xxx/CVE-2018-15971.json index b71e831ae09..c9eb9a98d7b 100644 --- a/2018/15xxx/CVE-2018-15971.json +++ b/2018/15xxx/CVE-2018-15971.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Experience Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.4, 6.3, 6.2, 6.1, and 6.0 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected Cross-site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html" - }, - { - "name" : "105575", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105575", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105575" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15986.json b/2018/15xxx/CVE-2018-15986.json index b9142e4f8fb..1239e1e84b4 100644 --- a/2018/15xxx/CVE-2018-15986.json +++ b/2018/15xxx/CVE-2018-15986.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + }, + { + "name": "106160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106160" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3264.json b/2018/3xxx/CVE-2018-3264.json index 61dfdf0f8ba..d307b451b37 100644 --- a/2018/3xxx/CVE-2018-3264.json +++ b/2018/3xxx/CVE-2018-3264.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 4.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105605" - }, - { - "name" : "1041895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 4.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041895" + }, + { + "name": "105605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105605" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3807.json b/2018/3xxx/CVE-2018-3807.json index 2b81acd248e..9a651a66b07 100644 --- a/2018/3xxx/CVE-2018-3807.json +++ b/2018/3xxx/CVE-2018-3807.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3807", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3807", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8403.json b/2018/8xxx/CVE-2018-8403.json index 83ad0d2ca08..7b11b04169c 100644 --- a/2018/8xxx/CVE-2018-8403.json +++ b/2018/8xxx/CVE-2018-8403.json @@ -1,161 +1,161 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8403", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8403" - }, - { - "name" : "105033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105033" - }, - { - "name" : "1041457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041457" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8403", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8403" + }, + { + "name": "105033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105033" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8705.json b/2018/8xxx/CVE-2018-8705.json index f0f96c7a4bf..9767dbfeac3 100644 --- a/2018/8xxx/CVE-2018-8705.json +++ b/2018/8xxx/CVE-2018-8705.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8705", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8705", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8998.json b/2018/8xxx/CVE-2018-8998.json index 4156e7afc6d..3eecea7fa96 100644 --- a/2018/8xxx/CVE-2018-8998.json +++ b/2018/8xxx/CVE-2018-8998.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win7_x86.sys-0x9c4060cc", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win7_x86.sys-0x9c4060cc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win7_x86.sys-0x9c4060cc", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win7_x86.sys-0x9c4060cc" + } + ] + } +} \ No newline at end of file