diff --git a/1999/0xxx/CVE-1999-0039.json b/1999/0xxx/CVE-1999-0039.json
index de756de7857..c8bb4fcd4eb 100644
--- a/1999/0xxx/CVE-1999-0039.json
+++ b/1999/0xxx/CVE-1999-0039.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-1999-0039",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-1999-0039",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "CA-1997-12",
- "refsource" : "CERT",
- "url" : "http://www.cert.org/advisories/CA-1997-12.html"
- },
- {
- "name" : "19970501-02-PX",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX"
- },
- {
- "name" : "374",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/374"
- },
- {
- "name" : "235",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/235"
- },
- {
- "name" : "http-sgi-webdist(333)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/333"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "19970501-02-PX",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX"
+ },
+ {
+ "name": "http-sgi-webdist(333)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/333"
+ },
+ {
+ "name": "CA-1997-12",
+ "refsource": "CERT",
+ "url": "http://www.cert.org/advisories/CA-1997-12.html"
+ },
+ {
+ "name": "374",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/374"
+ },
+ {
+ "name": "235",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/235"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/1999/1xxx/CVE-1999-1493.json b/1999/1xxx/CVE-1999-1493.json
index 5b377c32468..c3df7a8d6cd 100644
--- a/1999/1xxx/CVE-1999-1493.json
+++ b/1999/1xxx/CVE-1999-1493.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-1999-1493",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk()."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-1999-1493",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "CA-1991-23",
- "refsource" : "CERT",
- "url" : "http://www.cert.org/advisories/CA-1991-23.html"
- },
- {
- "name" : "34",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/34"
- },
- {
- "name" : "apollo-crp-root-access(7158)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7158"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk()."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "apollo-crp-root-access(7158)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7158"
+ },
+ {
+ "name": "CA-1991-23",
+ "refsource": "CERT",
+ "url": "http://www.cert.org/advisories/CA-1991-23.html"
+ },
+ {
+ "name": "34",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/34"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2000/1xxx/CVE-2000-1052.json b/2000/1xxx/CVE-2000-1052.json
index f53c95f30b4..7ac86c00458 100644
--- a/2000/1xxx/CVE-2000-1052.json
+++ b/2000/1xxx/CVE-2000-1052.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2000-1052",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2000-1052",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20001023 Allaire JRUN 2.3 Arbitrary File Retrieval",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=97236692714978&w=2"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20001023 Allaire JRUN 2.3 Arbitrary File Retrieval",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=97236692714978&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/2xxx/CVE-2005-2623.json b/2005/2xxx/CVE-2005-2623.json
index 19c2db7d234..f5764f82774 100644
--- a/2005/2xxx/CVE-2005-2623.json
+++ b/2005/2xxx/CVE-2005-2623.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-2623",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-2623",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050815 [NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=112421209919985&w=2"
- },
- {
- "name" : "1014734",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1014734"
- },
- {
- "name" : "16459",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/16459"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20050815 [NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=112421209919985&w=2"
+ },
+ {
+ "name": "1014734",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1014734"
+ },
+ {
+ "name": "16459",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/16459"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/2xxx/CVE-2005-2629.json b/2005/2xxx/CVE-2005-2629.json
index 6d655583f8a..0194fc260e1 100644
--- a/2005/2xxx/CVE-2005-2629.json
+++ b/2005/2xxx/CVE-2005-2629.json
@@ -1,127 +1,127 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-2629",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-2629",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://service.real.com/help/faq/security/051110_player/EN/",
- "refsource" : "CONFIRM",
- "url" : "http://service.real.com/help/faq/security/051110_player/EN/"
- },
- {
- "name" : "AD20051110a",
- "refsource" : "EEYE",
- "url" : "http://www.eeye.com/html/research/advisories/AD20051110a.html"
- },
- {
- "name" : "EEYEB20050510",
- "refsource" : "EEYE",
- "url" : "http://marc.info/?l=bugtraq&m=113166476423021&w=2"
- },
- {
- "name" : "DSA-915",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2005/dsa-915"
- },
- {
- "name" : "15381",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/15381/"
- },
- {
- "name" : "oval:org.mitre.oval:def:9550",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550"
- },
- {
- "name" : "1015184",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1015184"
- },
- {
- "name" : "1015185",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1015185"
- },
- {
- "name" : "1015186",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1015186"
- },
- {
- "name" : "17514",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/17514/"
- },
- {
- "name" : "17860",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/17860"
- },
- {
- "name" : "17559",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/17559"
- },
- {
- "name" : "169",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/169"
- },
- {
- "name" : "realplayer-rm-datapacket-bo(23024)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "169",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/169"
+ },
+ {
+ "name": "1015186",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1015186"
+ },
+ {
+ "name": "AD20051110a",
+ "refsource": "EEYE",
+ "url": "http://www.eeye.com/html/research/advisories/AD20051110a.html"
+ },
+ {
+ "name": "1015184",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1015184"
+ },
+ {
+ "name": "17559",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/17559"
+ },
+ {
+ "name": "EEYEB20050510",
+ "refsource": "EEYE",
+ "url": "http://marc.info/?l=bugtraq&m=113166476423021&w=2"
+ },
+ {
+ "name": "17514",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/17514/"
+ },
+ {
+ "name": "15381",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/15381/"
+ },
+ {
+ "name": "http://service.real.com/help/faq/security/051110_player/EN/",
+ "refsource": "CONFIRM",
+ "url": "http://service.real.com/help/faq/security/051110_player/EN/"
+ },
+ {
+ "name": "DSA-915",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2005/dsa-915"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:9550",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550"
+ },
+ {
+ "name": "17860",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/17860"
+ },
+ {
+ "name": "1015185",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1015185"
+ },
+ {
+ "name": "realplayer-rm-datapacket-bo(23024)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/2xxx/CVE-2005-2860.json b/2005/2xxx/CVE-2005-2860.json
index 63607c601d6..383b65b16f7 100644
--- a/2005/2xxx/CVE-2005-2860.json
+++ b/2005/2xxx/CVE-2005-2860.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-2860",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-2860",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050901 CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability",
- "refsource" : "VULNWATCH",
- "url" : "http://seclists.org/lists/vulnwatch/2005/Jul-Sep/0032.html"
- },
- {
- "name" : "20050901 CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=112561344400914&w=2"
- },
- {
- "name" : "http://www.cybsec.com/vuln/010905-multiple_webscanner_script_injection.pdf",
- "refsource" : "MISC",
- "url" : "http://www.cybsec.com/vuln/010905-multiple_webscanner_script_injection.pdf"
- },
- {
- "name" : "14717",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/14717"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "14717",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/14717"
+ },
+ {
+ "name": "20050901 CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability",
+ "refsource": "VULNWATCH",
+ "url": "http://seclists.org/lists/vulnwatch/2005/Jul-Sep/0032.html"
+ },
+ {
+ "name": "http://www.cybsec.com/vuln/010905-multiple_webscanner_script_injection.pdf",
+ "refsource": "MISC",
+ "url": "http://www.cybsec.com/vuln/010905-multiple_webscanner_script_injection.pdf"
+ },
+ {
+ "name": "20050901 CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=112561344400914&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/2xxx/CVE-2005-2917.json b/2005/2xxx/CVE-2005-2917.json
index 83ca610ad4d..6873ec879ff 100644
--- a/2005/2xxx/CVE-2005-2917.json
+++ b/2005/2xxx/CVE-2005-2917.json
@@ -1,157 +1,157 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-2917",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2005-2917",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "DSA-828",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2005/dsa-828"
- },
- {
- "name" : "FLSA-2006:152809",
- "refsource" : "FEDORA",
- "url" : "http://fedoranews.org/updates/FEDORA--.shtml"
- },
- {
- "name" : "MDKSA-2005:181",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
- },
- {
- "name" : "RHSA-2006:0045",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
- },
- {
- "name" : "RHSA-2006:0052",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
- },
- {
- "name" : "SCOSA-2005.49",
- "refsource" : "SCO",
- "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
- },
- {
- "name" : "20060401-01-U",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
- },
- {
- "name" : "SUSE-SR:2005:027",
- "refsource" : "SUSE",
- "url" : "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
- },
- {
- "name" : "USN-192-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-192-1/"
- },
- {
- "name" : "14977",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/14977"
- },
- {
- "name" : "19607",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/19607"
- },
- {
- "name" : "oval:org.mitre.oval:def:11580",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
- },
- {
- "name" : "1014920",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1014920"
- },
- {
- "name" : "16992",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/16992"
- },
- {
- "name" : "17015",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/17015"
- },
- {
- "name" : "19161",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19161"
- },
- {
- "name" : "17050",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/17050"
- },
- {
- "name" : "17177",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/17177"
- },
- {
- "name" : "19532",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19532"
- },
- {
- "name" : "squid-ntlm-authentication-dos(24282)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-192-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-192-1/"
+ },
+ {
+ "name": "1014920",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1014920"
+ },
+ {
+ "name": "20060401-01-U",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
+ },
+ {
+ "name": "SCOSA-2005.49",
+ "refsource": "SCO",
+ "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
+ },
+ {
+ "name": "16992",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/16992"
+ },
+ {
+ "name": "14977",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/14977"
+ },
+ {
+ "name": "19607",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/19607"
+ },
+ {
+ "name": "MDKSA-2005:181",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
+ },
+ {
+ "name": "squid-ntlm-authentication-dos(24282)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
+ },
+ {
+ "name": "FLSA-2006:152809",
+ "refsource": "FEDORA",
+ "url": "http://fedoranews.org/updates/FEDORA--.shtml"
+ },
+ {
+ "name": "17050",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/17050"
+ },
+ {
+ "name": "RHSA-2006:0052",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:11580",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
+ },
+ {
+ "name": "19532",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19532"
+ },
+ {
+ "name": "17177",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/17177"
+ },
+ {
+ "name": "19161",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19161"
+ },
+ {
+ "name": "17015",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/17015"
+ },
+ {
+ "name": "RHSA-2006:0045",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
+ },
+ {
+ "name": "DSA-828",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2005/dsa-828"
+ },
+ {
+ "name": "SUSE-SR:2005:027",
+ "refsource": "SUSE",
+ "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/3xxx/CVE-2005-3539.json b/2005/3xxx/CVE-2005-3539.json
index 5bfce9e47b7..46bc8daf762 100644
--- a/2005/3xxx/CVE-2005-3539.json
+++ b/2005/3xxx/CVE-2005-3539.json
@@ -1,117 +1,117 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-3539",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@debian.org",
+ "ID": "CVE-2005-3539",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060105 HylaFAX Security advisory - fixed in HylaFAX 4.2.4",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/420974/100/0/threaded"
- },
- {
- "name" : "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719",
- "refsource" : "MISC",
- "url" : "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719"
- },
- {
- "name" : "http://www.hylafax.org/content/HylaFAX_4.2.4_release",
- "refsource" : "CONFIRM",
- "url" : "http://www.hylafax.org/content/HylaFAX_4.2.4_release"
- },
- {
- "name" : "DSA-933",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2005/dsa-933"
- },
- {
- "name" : "GLSA-200601-03",
- "refsource" : "GENTOO",
- "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml"
- },
- {
- "name" : "MDKSA-2006:015",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:015"
- },
- {
- "name" : "16151",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/16151"
- },
- {
- "name" : "ADV-2006-0072",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/0072"
- },
- {
- "name" : "18314",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18314"
- },
- {
- "name" : "18337",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18337"
- },
- {
- "name" : "18366",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18366"
- },
- {
- "name" : "18489",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18489"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "18314",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18314"
+ },
+ {
+ "name": "16151",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/16151"
+ },
+ {
+ "name": "18366",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18366"
+ },
+ {
+ "name": "18337",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18337"
+ },
+ {
+ "name": "http://www.hylafax.org/content/HylaFAX_4.2.4_release",
+ "refsource": "CONFIRM",
+ "url": "http://www.hylafax.org/content/HylaFAX_4.2.4_release"
+ },
+ {
+ "name": "GLSA-200601-03",
+ "refsource": "GENTOO",
+ "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml"
+ },
+ {
+ "name": "18489",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18489"
+ },
+ {
+ "name": "DSA-933",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2005/dsa-933"
+ },
+ {
+ "name": "20060105 HylaFAX Security advisory - fixed in HylaFAX 4.2.4",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/420974/100/0/threaded"
+ },
+ {
+ "name": "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719",
+ "refsource": "MISC",
+ "url": "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719"
+ },
+ {
+ "name": "ADV-2006-0072",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/0072"
+ },
+ {
+ "name": "MDKSA-2006:015",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:015"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/3xxx/CVE-2005-3636.json b/2005/3xxx/CVE-2005-3636.json
index 8f53791ff75..7ffbc84dc86 100644
--- a/2005/3xxx/CVE-2005-3636.json
+++ b/2005/3xxx/CVE-2005-3636.json
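Review bot: The `ASSIGNER` value on the new side of 2005/3xxx/CVE-2005-3539.json changes from `cve@mitre.org` to `security@debian.org`, and 2005/2xxx/CVE-2005-2917.json earlier in this diff makes the same kind of change to `secalert@redhat.com`, while every other visible line of both hunks is spacing, indentation or reference order. ASSIGNER is the record's provenance field, so a re-attribution folded into a formatting sweep is easy to miss for anyone auditing the feed; it should land in its own commit, or be called out in the commit message with the reason for the reassignment. The `reference_data` entries are also shuffled with no apparent content change, so a deterministic order (for example sorted by `refsource`, then `name`) would keep later diffs limited to real edits. The new side of each file also ends with `\ No newline at end of file`; restoring the trailing newline avoids another whole-file rewrite the next time a tool normalises it.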
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113156601505542&w=2" - }, - { - "name" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" - }, - { - "name" : "15361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15361" - }, - { - "name" : "ADV-2005-2361", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2361" - }, - { - "name" : "20715", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20715" - }, - { - "name" : "1015174", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/alerts/2005/Nov/1015174.html" - }, - { - "name" : "17515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17515/" - }, - { - "name" : "162", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/162" - }, - { - "name" : "sap-error-message-script-injection(23029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf" + }, + { + "name": "162", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/162" + }, + { + "name": "15361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15361" + }, + { + "name": "sap-error-message-script-injection(23029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23029" + }, + { + "name": "20715", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20715" + }, + { + "name": "17515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17515/" + }, + { + "name": "1015174", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Nov/1015174.html" + }, + { + "name": "ADV-2005-2361", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2361" + }, + { + "name": "20051109 CYBSEC 
- Security Advisory: Multiple XSS in SAP WAS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113156601505542&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4561.json b/2005/4xxx/CVE-2005-4561.json index 0bb371af525..92889e93e09 100644 --- a/2005/4xxx/CVE-2005-4561.json +++ b/2005/4xxx/CVE-2005-4561.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4561", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was assigned in 2005 to an issue that would not be published until 2006, so new identifiers were assigned. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4561", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was assigned in 2005 to an issue that would not be published until 2006, so new identifiers were assigned. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2565.json b/2009/2xxx/CVE-2009-2565.json index 2e4d8f3e8d8..dbf30c0ef86 100644 --- a/2009/2xxx/CVE-2009-2565.json +++ b/2009/2xxx/CVE-2009-2565.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.t-okada.com/cgi-bin/s_news/s_news.cgi?action=show_detail&txtnumber=log&mynum=345", - "refsource" : "CONFIRM", - "url" : "http://www.t-okada.com/cgi-bin/s_news/s_news.cgi?action=show_detail&txtnumber=log&mynum=345" - }, - { - "name" : "JVN#31110006", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN31110006/index.html" - }, - { - "name" : "JVNDB-2009-000048", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000048.html" - }, - { - "name" : "35806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35806" - }, - { - "name" : "shiromuku-unspecified-xss(51696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51696" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.t-okada.com/cgi-bin/s_news/s_news.cgi?action=show_detail&txtnumber=log&mynum=345", + "refsource": "CONFIRM", + "url": "http://www.t-okada.com/cgi-bin/s_news/s_news.cgi?action=show_detail&txtnumber=log&mynum=345" + }, + { + "name": "35806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35806" + }, + { + "name": "JVN#31110006", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN31110006/index.html" + }, + { + "name": "shiromuku-unspecified-xss(51696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51696" + }, + { + "name": "JVNDB-2009-000048", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000048.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2897.json b/2009/2xxx/CVE-2009-2897.json index 3adbbd3e891..218a6724df9 100644 --- a/2009/2xxx/CVE-2009-2897.json +++ b/2009/2xxx/CVE-2009-2897.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. NOTE: some of these details are obtained from third party information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091002 CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506936/100/0/threaded" - }, - { - "name" : "20091003 CORE-2009-0812-Hyperic HQ Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506935/100/0/threaded" - }, - { - "name" : "http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS", - "refsource" : "MISC", - "url" : "http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS" - }, - { - "name" : "http://www.coresecurity.com/content/hyperic-hq-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/hyperic-hq-vulnerabilities" - }, - { - "name" : "http://forums.hyperic.com/jiveforums/thread.jspa?messageID=22156嚌", - "refsource" : "CONFIRM", - "url" : "http://forums.hyperic.com/jiveforums/thread.jspa?messageID=22156嚌" - }, - { - "name" : "http://jira.hyperic.com/browse/HHQ-2655", - "refsource" : "CONFIRM", - "url" : "http://jira.hyperic.com/browse/HHQ-2655" - }, - { - "name" : "http://www.springsource.com/security/hyperic-hq", - "refsource" : "CONFIRM", - "url" : "http://www.springsource.com/security/hyperic-hq" - }, - { - "name" : "58608", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/58608" - }, - { - "name" : "58609", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/58609" - }, - { - "name" : "58610", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/58610" - }, - { - "name" : "36935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36935" - }, - { - "name" : "hyperichq-mastheadattach-xss(53658)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.coresecurity.com/content/hyperic-hq-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/hyperic-hq-vulnerabilities" + }, + { + "name": "http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS", + "refsource": "MISC", + "url": "http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS" + }, + { + "name": "58609", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58609" + }, + { + "name": "20091003 CORE-2009-0812-Hyperic HQ Multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506935/100/0/threaded" + }, + { + "name": "http://www.springsource.com/security/hyperic-hq", + "refsource": "CONFIRM", + "url": "http://www.springsource.com/security/hyperic-hq" + }, + { + "name": "36935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36935" + }, + { + "name": "hyperichq-mastheadattach-xss(53658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53658" + }, + { + "name": "58610", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58610" + }, + { + "name": "20091002 CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506936/100/0/threaded" + }, + { + "name": "http://jira.hyperic.com/browse/HHQ-2655", + "refsource": "CONFIRM", + "url": "http://jira.hyperic.com/browse/HHQ-2655" + }, + { + "name": "http://forums.hyperic.com/jiveforums/thread.jspa?messageID=22156嚌", + "refsource": "CONFIRM", + "url": "http://forums.hyperic.com/jiveforums/thread.jspa?messageID=22156嚌" + }, + { + "name": "58608", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58608" + } + ] + 
} +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3194.json b/2009/3xxx/CVE-2009-3194.json index 90ba6837c66..28cf6356908 100644 --- a/2009/3xxx/CVE-2009-3194.json +++ b/2009/3xxx/CVE-2009-3194.json 
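Review bot: In the CVE-2009-2897 hunk the `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com`, while every other line of the hunk is only respaced or reordered; the CVE-2009-3606 hunk further down makes the same change. A CNA reassignment alters what consumers see when they filter or attribute records by assigner, so it should be confirmed as intended and either landed as its own commit or named in the commit message. If it is not intended, keep `"ASSIGNER": "cve@mitre.org"` in this formatting pass. Separately, the CONFIRM reference still carries `messageID=22156嚌` in both `name` and `url`. U+568C is decimal 22156, so this looks like `&#22156` decoded as a character entity, and the value probably should read `http://forums.hyperic.com/jiveforums/thread.jspa?messageID=22156&#22156`.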
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0908-exploits/searchfeed-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0908-exploits/searchfeed-xss.txt" - }, - { - "name" : "36482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36482" - }, - { - "name" : "ADV-2009-2439", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0908-exploits/searchfeed-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0908-exploits/searchfeed-xss.txt" + }, + { + "name": "ADV-2009-2439", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2439" + }, + { + "name": "36482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36482" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3216.json b/2009/3xxx/CVE-2009-3216.json index 5e1c2ea8989..da8c58c4aaa 100644 --- a/2009/3xxx/CVE-2009-3216.json +++ b/2009/3xxx/CVE-2009-3216.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9266", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9266" - }, - { - "name" : "36015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36015" + }, + { + "name": "9266", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9266" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3606.json b/2009/3xxx/CVE-2009-3606.json index 144a4ec792e..b6d628c9050 100644 --- a/2009/3xxx/CVE-2009-3606.json +++ b/2009/3xxx/CVE-2009-3606.json 
@@ -1,267 +1,267 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091130 Need more information on recent poppler issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/01/1" - }, - { - "name" : "[oss-security] 20091130 Re: Need more information on recent poppler issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/01/5" - }, - { - "name" : "[oss-security] 20091201 Re: Need more information on recent poppler issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/01/6" - }, - { - "name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch", - "refsource" : "CONFIRM", - "url" : 
"ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" - }, - { - "name" : "http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=526877", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=526877" - }, - { - "name" : "DSA-1941", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1941" - }, - { - "name" : "DSA-2028", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2028" - }, - { - "name" : "DSA-2050", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2050" - }, - { - "name" : "FEDORA-2009-10823", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" - }, - { - "name" : "FEDORA-2009-10845", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" - }, - { - "name" : "FEDORA-2010-1377", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" - }, - { - "name" : "FEDORA-2010-1805", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" - }, - { - "name" : "FEDORA-2010-1842", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" - }, - { - "name" : "MDVSA-2009:287", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" - }, - { - "name" : "MDVSA-2010:087", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" - }, - { - "name" : "MDVSA-2011:175", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" - }, - { - "name" : "RHSA-2009:1500", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1500.html" - }, - { - "name" : "RHSA-2009:1501", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1501.html" - }, - { - "name" : "RHSA-2009:1502", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1502.html" - }, - { - "name" : "274030", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" - }, - { - "name" : "1021706", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" - }, - { - "name" : "SUSE-SR:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" - }, - { - "name" : "36703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36703" - }, - { - "name" : "oval:org.mitre.oval:def:11289", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289" - }, - { - "name" : "oval:org.mitre.oval:def:7836", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836" - }, - { - "name" : "1023029", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023029" - }, - { - "name" : "37023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37023" - }, - { - "name" : "37037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37037" - }, - { - "name" : "37042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37042" - }, - { - "name" : "37043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37043" - }, - { - "name" : "37053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37053" - }, - { - "name" : "37077", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37077" - }, - { - "name" : "37159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37159" - }, - { - "name" : "39327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39327" - }, - { - "name" : "39938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39938" - }, - { - "name" : "ADV-2009-2924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2924" - }, - { - "name" : "ADV-2009-2928", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2928" - }, - { - "name" : "ADV-2010-0802", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0802" - }, - { - "name" : "ADV-2010-1040", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1040" - }, - { - "name" : "ADV-2010-1220", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1220" - }, - { - "name" : "xpdf-psoutputdev-bo(53798)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39938" + }, + { + "name": "37042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37042" + }, + { + "name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" + }, + { + "name": "DSA-1941", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1941" + }, + { + "name": "MDVSA-2009:287", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" + }, + { + "name": "[oss-security] 20091201 Re: Need more information on recent poppler issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/01/6" + }, + { + "name": "FEDORA-2010-1377", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" + }, + { + "name": "FEDORA-2009-10823", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" + }, + { + "name": "http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61" + }, + { + "name": "RHSA-2009:1501", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" + }, + { + "name": "SUSE-SR:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" + }, + { + "name": "DSA-2028", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2028" + }, + { + "name": "DSA-2050", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2010/dsa-2050" + }, + { + "name": "oval:org.mitre.oval:def:11289", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289" + }, + { + "name": "[oss-security] 20091130 Need more information on recent poppler issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/01/1" + }, + { + "name": "37159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37159" + }, + { + "name": "FEDORA-2010-1805", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" + }, + { + "name": "1021706", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" + }, + { + "name": "FEDORA-2009-10845", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" + }, + { + "name": "oval:org.mitre.oval:def:7836", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836" + }, + { + "name": "37077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37077" + }, + { + "name": "1023029", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023029" + }, + { + "name": "xpdf-psoutputdev-bo(53798)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53798" + }, + { + "name": "MDVSA-2011:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" + }, + { + "name": "37037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37037" + }, + { + "name": "ADV-2010-1040", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1040" + }, + { + "name": "ADV-2010-0802", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0802" + }, + { + "name": 
"RHSA-2009:1502", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" + }, + { + "name": "FEDORA-2010-1842", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" + }, + { + "name": "RHSA-2009:1500", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" + }, + { + "name": "ADV-2009-2928", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2928" + }, + { + "name": "37023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37023" + }, + { + "name": "[oss-security] 20091130 Re: Need more information on recent poppler issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/01/5" + }, + { + "name": "ADV-2009-2924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2924" + }, + { + "name": "MDVSA-2010:087", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" + }, + { + "name": "274030", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" + }, + { + "name": "ADV-2010-1220", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1220" + }, + { + "name": "37053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37053" + }, + { + "name": "39327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39327" + }, + { + "name": "37043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37043" + }, + { + "name": "36703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36703" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526877", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526877" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/4xxx/CVE-2009-4209.json b/2009/4xxx/CVE-2009-4209.json index 7cd45f5afff..5305901ea7e 100644 --- a/2009/4xxx/CVE-2009-4209.json +++ b/2009/4xxx/CVE-2009-4209.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090603 [InterN0T] moziloCMS 1.11.1 - XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504091/100/0/threaded" - }, - { - "name" : "35212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, 
different vectors than CVE-2008-6127 and CVE-2009-1367." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090603 [InterN0T] moziloCMS 1.11.1 - XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504091/100/0/threaded" + }, + { + "name": "35212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35212" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4307.json b/2009/4xxx/CVE-2009-4307.json index d0f66f0cb90..f17ac79c8b3 100644 --- a/2009/4xxx/CVE-2009-4307.json +++ b/2009/4xxx/CVE-2009-4307.json 
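Review bot: The new side of CVE-2009-4209.json ends with `\ No newline at end of file`, while the old side closed `}` with a newline. The same marker follows the final `+}` of every other file section in this diff, so the serializer that rewrote these records appears to drop the final line feed. Line-oriented tools and later diffs behave better when the file ends with a newline, so I would have the writer append `\n` after the closing brace.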
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20091209 [GIT PULL] ext4 updates for v2.6.33", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2009/12/9/255" - }, - { - "name" : "http://bugzilla.kernel.org/show_bug.cgi?id=14287", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.kernel.org/show_bug.cgi?id=14287" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=503358ae01b70ce6909d19dd01287093f6b6271c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=503358ae01b70ce6909d19dd01287093f6b6271c" - }, - { - "name" : 
"http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log" - }, - { - "name" : "MDVSA-2011:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" - }, - { - "name" : "RHSA-2010:0380", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0380.html" - }, - { - "name" : "SUSE-SA:2010:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" - }, - { - "name" : "SUSE-SA:2010:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:9874", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9874" - }, - { - "name" : "37658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37658" - }, - { - "name" : "38017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38017" - }, - { - "name" : "38276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38276" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=503358ae01b70ce6909d19dd01287093f6b6271c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=503358ae01b70ce6909d19dd01287093f6b6271c" + }, + { + "name": "[linux-kernel] 20091209 [GIT PULL] ext4 updates for v2.6.33", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2009/12/9/255" + }, + { + "name": "RHSA-2010:0380", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0380.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log" + }, + { + "name": "oval:org.mitre.oval:def:9874", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9874" + }, + { + "name": "SUSE-SA:2010:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" + }, + { + "name": "http://bugzilla.kernel.org/show_bug.cgi?id=14287", + "refsource": "CONFIRM", + "url": "http://bugzilla.kernel.org/show_bug.cgi?id=14287" + }, + { + "name": "37658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37658" + }, + { + "name": "SUSE-SA:2010:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" + }, + { + "name": "MDVSA-2011:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" + }, + { + "name": "38017", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/38017" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4639.json b/2009/4xxx/CVE-2009-4639.json index d0f77dfabb6..8f7b72aec2f 100644 --- a/2009/4xxx/CVE-2009-4639.json +++ b/2009/4xxx/CVE-2009-4639.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" - }, - { - "name" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", - "refsource" : "MISC", - "url" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" - }, - { - "name" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245", - "refsource" : "CONFIRM", - "url" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245" - }, - { - "name" : "MDVSA-2011:059", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:059" - }, - { - "name" : "MDVSA-2011:060", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" - }, - { - "name" : "MDVSA-2011:061", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" - }, - { - "name" : "MDVSA-2011:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" - }, - { - "name" : "MDVSA-2011:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" - }, - { - "name" : "USN-931-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-931-1" - }, - { - "name" : "36465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36465" - }, - { - "name" : "36805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36805" - }, - { - "name" : "39482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39482" - }, - { - "name" : "ADV-2010-0935", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0935" - }, - { - "name" : "ADV-2011-1241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" + }, + { + "name": "36805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36805" + }, + { + "name": "36465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36465" + }, + { + "name": "39482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39482" + }, + { + "name": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", + "refsource": "MISC", + "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" + }, + { + "name": "MDVSA-2011:061", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" + }, + { + "name": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245", + "refsource": "CONFIRM", + "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245" + }, + { + "name": "MDVSA-2011:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" + }, + { + "name": "MDVSA-2011:059", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:059" + }, + { + "name": "ADV-2011-1241", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1241" + }, + { + "name": "MDVSA-2011:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" + }, + { + "name": "USN-931-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-931-1" + }, + { + "name": "ADV-2010-0935", + "refsource": "VUPEN", + 
"url": "http://www.vupen.com/english/advisories/2010/0935" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0037.json b/2015/0xxx/CVE-2015-0037.json index 4cd126dbdc1..fd0c3cbc7b5 100644 --- a/2015/0xxx/CVE-2015-0037.json +++ b/2015/0xxx/CVE-2015-0037.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72448" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service 
(memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72448" + }, + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0112.json b/2015/0xxx/CVE-2015-0112.json index 888c0eaf5dc..67de0bb961c 100644 --- a/2015/0xxx/CVE-2015-0112.json +++ b/2015/0xxx/CVE-2015-0112.json 
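Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, although the rest of it is only spacing around `:` and a reordering of `reference_data`. The same kind of change sits in the hunks for CVE-2015-0112 (`psirt@us.ibm.com`), CVE-2015-0705 (`psirt@cisco.com`) and CVE-2015-1109 (`product-security@apple.com`). ASSIGNER attributes a record to its CNA, so a value change buried in a bulk reformat is easy to miss. I would put these edits in a separate commit, or at least name them in the commit message, so they can be checked against the CNA assignment. Reordering the references in the same pass also makes it hard to confirm by eye that no entry was dropped, so a stable or deterministically sorted order would keep future diffs reviewable.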
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21957763", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21957763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0705.json b/2015/0xxx/CVE-2015-0705.json index c4666c31d32..3891af22209 100644 --- a/2015/0xxx/CVE-2015-0705.json +++ b/2015/0xxx/CVE-2015-0705.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" - }, - { - "name" : "20150421 Cisco Unified MeetingPlace Web Services Directory SOAP API Endpoints Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38461" - }, - { - "name" : "74258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74258" - }, - { - "name" : "1032335", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1032335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74258" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" + }, + { + "name": "20150421 Cisco Unified MeetingPlace Web Services Directory SOAP API Endpoints Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38461" + }, + { + "name": "1032335", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032335" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0946.json b/2015/0xxx/CVE-2015-0946.json index 1db9437b6b4..caf87810e7f 100644 --- a/2015/0xxx/CVE-2015-0946.json +++ b/2015/0xxx/CVE-2015-0946.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-0946",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-0946",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/1xxx/CVE-2015-1004.json b/2015/1xxx/CVE-2015-1004.json
index a38b4581a45..2c9f26d1b16 100644
--- a/2015/1xxx/CVE-2015-1004.json
+++ b/2015/1xxx/CVE-2015-1004.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-1004",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2015-1004",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/1xxx/CVE-2015-1031.json b/2015/1xxx/CVE-2015-1031.json
index e0f69607616..b587da8ef69 100644
--- a/2015/1xxx/CVE-2015-1031.json
+++ b/2015/1xxx/CVE-2015-1031.json
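Review bot: The new side of CVE-2015-1004.json uses a different key order from every other file in this diff. It writes `"data_type"`, `"data_format"`, `"data_version"` ahead of `"CVE_data_meta"` and puts `"ID"` before `"ASSIGNER"`, where the others keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. Key order has no meaning to a JSON parser, but the difference suggests this record was written by a different tool or code path than the rest. A single canonical order, for example sorted keys, would keep later diffs of these records limited to real content changes.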
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/11/1" - }, - { - "name" : "http://www.privoxy.org/announce.txt", - "refsource" : "CONFIRM", - "url" : "http://www.privoxy.org/announce.txt" - }, - { - "name" : "DSA-3133", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3133" - }, - { - "name" : "62123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3133", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3133" + }, + { + "name": "62123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62123" + }, + { + "name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/11/1" + }, + { + "name": "http://www.privoxy.org/announce.txt", + "refsource": "CONFIRM", + "url": "http://www.privoxy.org/announce.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1109.json b/2015/1xxx/CVE-2015-1109.json index 0d0139a7f33..2657e070a22 100644 --- a/2015/1xxx/CVE-2015-1109.json +++ b/2015/1xxx/CVE-2015-1109.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "73978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73978" - }, - { - "name" : "1032050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetworkExtension in Apple iOS before 8.3 stores credentials 
in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032050" + }, + { + "name": "73978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73978" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1647.json b/2015/1xxx/CVE-2015-1647.json index 529ac7a7a67..f651a94bf87 100644 --- a/2015/1xxx/CVE-2015-1647.json +++ b/2015/1xxx/CVE-2015-1647.json 
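Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `product-security@apple.com`, a provenance change that sits inside what is otherwise a key-spacing reformat and a reordering of `reference_data`. The same applies to the CVE-2015-1647 and CVE-2015-1697 hunks (now `secure@microsoft.com`) and the CVE-2015-4988 hunk (now `psirt@us.ibm.com`). Anyone auditing which CNA owns a record will not find these changes by skimming a diff where every line is touched. Put the ASSIGNER updates in their own commit, or name them in the commit message. In all four records `"vendor_name"` and `"product_name"` remain `"n/a"` although the descriptions name the vendor and product, so tools that match on the `affects` block still will not associate these entries with Apple, Microsoft or IBM products.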
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka \"Windows Hyper-V DoS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-042" - }, - { - "name" : "1032117", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka \"Windows Hyper-V DoS Vulnerability.\"" + } + ] + }, + "problemtype": 
{ + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032117", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032117" + }, + { + "name": "MS15-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-042" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1697.json b/2015/1xxx/CVE-2015-1697.json index 361ec68cd54..4a813ffd923 100644 --- a/2015/1xxx/CVE-2015-1697.json +++ b/2015/1xxx/CVE-2015-1697.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150601 Microsoft Windows Journal File Parsing \"INbImageLayer\" Invalid Index Error Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1096" - }, - { - "name" : "MS15-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045" - }, - { - "name" : "1032280", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1032280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032280" + }, + { + "name": "MS15-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045" + }, + { + "name": "20150601 Microsoft Windows Journal File Parsing \"INbImageLayer\" Invalid Index Error Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1096" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4559.json b/2015/4xxx/CVE-2015-4559.json index 4cc0d2e592b..2a128a0b92f 100644 --- a/2015/4xxx/CVE-2015-4559.json +++ b/2015/4xxx/CVE-2015-4559.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10121", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10121" - }, - { - "name" : "91539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91539" - }, - { - "name" : "1032671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee 
ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10121", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10121" + }, + { + "name": "1032671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032671" + }, + { + "name": "91539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91539" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4585.json b/2015/4xxx/CVE-2015-4585.json index 7d02f8efa54..e5e76eea459 100644 --- a/2015/4xxx/CVE-2015-4585.json +++ b/2015/4xxx/CVE-2015-4585.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4585", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4585", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2015/4xxx/CVE-2015-4988.json b/2015/4xxx/CVE-2015-4988.json index b33a721a6d6..8008825d5e6 100644 --- a/2015/4xxx/CVE-2015-4988.json +++ b/2015/4xxx/CVE-2015-4988.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968868", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote 
attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968868", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968868" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5031.json b/2015/5xxx/CVE-2015-5031.json index 9547d7d1952..4a965ad1aa1 100644 --- a/2015/5xxx/CVE-2015-5031.json +++ b/2015/5xxx/CVE-2015-5031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5031", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5031", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9038.json b/2015/9xxx/CVE-2015-9038.json index 7b688fc8dea..769d01c1a2c 100644 --- a/2015/9xxx/CVE-2015-9038.json +++ b/2015/9xxx/CVE-2015-9038.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2015-9038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "NULL Pointer Dereference Vulnerability in RFA" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2015-9038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference Vulnerability in RFA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99467" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2812.json b/2018/2xxx/CVE-2018-2812.json index 28628d97880..dc837210f56 100644 --- a/2018/2xxx/CVE-2018-2812.json +++ b/2018/2xxx/CVE-2018-2812.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.21 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.21 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180419-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180419-0002/" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3629-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-1/" - }, - { - "name" : "USN-3629-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3629-3/" - }, - { - "name" : "103836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103836" - }, - { - "name" : "1040698", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040698", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040698" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180419-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180419-0002/" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "103836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103836" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "USN-3629-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-1/" + }, + { + "name": "USN-3629-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3629-3/" + } + ] + } +} \ No newline at end of file 
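Review bot: In the `version_data` entry for MySQL Server, `"version_affected": "="` is paired with `"version_value": "5.7.21 and prior"`, so the operator claims an exact match while the value describes a range. A scanner or inventory tool that compares versions using the operator would treat only the literal string as affected and miss every release earlier than 5.7.21, which the description explicitly includes. The reformat carries this over unchanged from the old side. The entry would be machine-readable as `"version_affected": "<="` with `"version_value": "5.7.21"`.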
diff --git a/2018/2xxx/CVE-2018-2867.json b/2018/2xxx/CVE-2018-2867.json index 08464dab7b0..135d24b8ad7 100644 --- a/2018/2xxx/CVE-2018-2867.json +++ b/2018/2xxx/CVE-2018-2867.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Object Library", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Object Library", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103862" - }, - { - "name" : "1040694", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103862" + }, + { + "name": "1040694", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040694" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3147.json b/2018/3xxx/CVE-2018-3147.json index e3a4d4fbe6c..ca3749443bc 100644 --- a/2018/3xxx/CVE-2018-3147.json +++ b/2018/3xxx/CVE-2018-3147.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "105603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105603" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3967.json b/2018/3xxx/CVE-2018-3967.json index 626f98dd1dd..16428ccd875 100644 --- a/2018/3xxx/CVE-2018-3967.json +++ b/2018/3xxx/CVE-2018-3967.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PDF Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PDF Reader", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0632", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0632", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0632" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6459.json b/2018/6xxx/CVE-2018-6459.json index 9fbdfd163d2..e285bf12d01 100644 
--- a/2018/6xxx/CVE-2018-6459.json
+++ b/2018/6xxx/CVE-2018-6459.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html", - "refsource" : "CONFIRM", - "url" : "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html" - }, - { - "name" : "GLSA-201811-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted 
RSASSA-PSS signature that lacks a mask generation function parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-16" + }, + { + "name": "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html", + "refsource": "CONFIRM", + "url": "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6520.json b/2018/6xxx/CVE-2018-6520.json index 3dd698dc0aa..b333ba9f1fd 100644 --- a/2018/6xxx/CVE-2018-6520.json +++ b/2018/6xxx/CVE-2018-6520.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://simplesamlphp.org/security/201801-02", - "refsource" : "CONFIRM", - "url" : "https://simplesamlphp.org/security/201801-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://simplesamlphp.org/security/201801-02", + "refsource": "CONFIRM", + "url": "https://simplesamlphp.org/security/201801-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6708.json b/2018/6xxx/CVE-2018-6708.json index 58952d910b8..c1b51319e6b 100644 --- a/2018/6xxx/CVE-2018-6708.json +++ b/2018/6xxx/CVE-2018-6708.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6708", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6708", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6762.json b/2018/6xxx/CVE-2018-6762.json index 36b4000886c..3b31a2c8395 100644 --- a/2018/6xxx/CVE-2018-6762.json +++ b/2018/6xxx/CVE-2018-6762.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6762", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6762", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6911.json b/2018/6xxx/CVE-2018-6911.json index a1885ad6d37..1b8c0e108a2 100644 --- a/2018/6xxx/CVE-2018-6911.json +++ b/2018/6xxx/CVE-2018-6911.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VBWinExec function in Node\\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44031", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44031/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VBWinExec function in Node\\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44031", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44031/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7106.json b/2018/7xxx/CVE-2018-7106.json index ec3dd32eda7..cc628f66638 100644 --- a/2018/7xxx/CVE-2018-7106.json +++ b/2018/7xxx/CVE-2018-7106.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7106", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7106", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7478.json b/2018/7xxx/CVE-2018-7478.json index baac360fdfd..8b800638d17 100644 --- a/2018/7xxx/CVE-2018-7478.json +++ b/2018/7xxx/CVE-2018-7478.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7478", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7478", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7724.json b/2018/7xxx/CVE-2018-7724.json index 0887eb751a6..4896a0007be 100644 --- a/2018/7xxx/CVE-2018-7724.json +++ b/2018/7xxx/CVE-2018-7724.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md", - "refsource" : "MISC", - "url" : "https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md", + "refsource": "MISC", + "url": "https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5582.json b/2019/5xxx/CVE-2019-5582.json index e93e3c24bb7..8a7a77c4aa7 100644 --- a/2019/5xxx/CVE-2019-5582.json +++ b/2019/5xxx/CVE-2019-5582.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5582", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5582", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file