From 2a7fe015e933adfd7d9e4b8aa256ced80d86419e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:33:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/2xxx/CVE-2002-2005.json | 150 ++++++++-------- 2002/2xxx/CVE-2002-2348.json | 140 +++++++-------- 2005/0xxx/CVE-2005-0580.json | 120 ++++++------- 2005/0xxx/CVE-2005-0673.json | 140 +++++++-------- 2005/0xxx/CVE-2005-0885.json | 130 +++++++------- 2005/1xxx/CVE-2005-1412.json | 130 +++++++------- 2005/1xxx/CVE-2005-1497.json | 140 +++++++-------- 2005/1xxx/CVE-2005-1576.json | 140 +++++++-------- 2005/4xxx/CVE-2005-4815.json | 160 ++++++++--------- 2009/0xxx/CVE-2009-0248.json | 150 ++++++++-------- 2009/0xxx/CVE-2009-0447.json | 150 ++++++++-------- 2009/0xxx/CVE-2009-0642.json | 230 ++++++++++++------------ 2009/0xxx/CVE-2009-0915.json | 220 +++++++++++------------ 2009/1xxx/CVE-2009-1486.json | 130 +++++++------- 2009/1xxx/CVE-2009-1523.json | 310 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1568.json | 170 +++++++++--------- 2009/4xxx/CVE-2009-4489.json | 180 +++++++++---------- 2009/5xxx/CVE-2009-5049.json | 34 ++-- 2012/2xxx/CVE-2012-2185.json | 160 ++++++++--------- 2012/2xxx/CVE-2012-2327.json | 150 ++++++++-------- 2012/2xxx/CVE-2012-2499.json | 120 ++++++------- 2012/2xxx/CVE-2012-2892.json | 160 ++++++++--------- 2012/3xxx/CVE-2012-3015.json | 130 +++++++------- 2012/6xxx/CVE-2012-6141.json | 130 +++++++------- 2012/6xxx/CVE-2012-6370.json | 34 ++-- 2015/1xxx/CVE-2015-1230.json | 180 +++++++++---------- 2015/1xxx/CVE-2015-1715.json | 130 +++++++------- 2015/5xxx/CVE-2015-5545.json | 200 ++++++++++----------- 2015/5xxx/CVE-2015-5604.json | 34 ++-- 2015/5xxx/CVE-2015-5893.json | 150 ++++++++-------- 2015/5xxx/CVE-2015-5918.json | 140 +++++++-------- 2017/2xxx/CVE-2017-2175.json | 140 +++++++-------- 2018/11xxx/CVE-2018-11371.json | 120 ++++++------- 2018/11xxx/CVE-2018-11524.json | 34 ++-- 2018/11xxx/CVE-2018-11642.json | 120 ++++++------- 2018/11xxx/CVE-2018-11917.json | 34 ++-- 2018/15xxx/CVE-2018-15750.json | 150 ++++++++-------- 2018/15xxx/CVE-2018-15764.json | 182 +++++++++---------- 2018/15xxx/CVE-2018-15825.json | 34 ++-- 2018/15xxx/CVE-2018-15959.json | 140 +++++++-------- 2018/3xxx/CVE-2018-3206.json | 150 ++++++++-------- 2018/3xxx/CVE-2018-3952.json | 132 +++++++------- 2018/8xxx/CVE-2018-8503.json | 244 +++++++++++++------------- 2018/8xxx/CVE-2018-8582.json | 228 ++++++++++++------------ 2018/8xxx/CVE-2018-8720.json | 120 ++++++------- 2018/8xxx/CVE-2018-8766.json | 120 ++++++------- 2018/8xxx/CVE-2018-8924.json | 156 ++++++++--------- 47 files changed, 3323 insertions(+), 3323 deletions(-) diff --git a/2002/2xxx/CVE-2002-2005.json b/2002/2xxx/CVE-2002-2005.json index a9983143582..b1d30e7243b 100644 --- a/2002/2xxx/CVE-2002-2005.json +++ b/2002/2xxx/CVE-2002-2005.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0203-188", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2002-q1/0084.html" - }, - { - "name" : "00217", - "refsource" : "SUN", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00279.html" - }, - { - "name" : "4310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4310" - }, - { - "name" : "java-webstart-access-resources(8483)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8483.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX0203-188", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2002-q1/0084.html" + }, + { + "name": "4310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4310" + }, + { + "name": "00217", + "refsource": "SUN", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00279.html" + }, + { + "name": "java-webstart-access-resources(8483)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8483.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2348.json b/2002/2xxx/CVE-2002-2348.json index dc78a9ab0e8..b56934d5af9 100644 --- a/2002/2xxx/CVE-2002-2348.json +++ b/2002/2xxx/CVE-2002-2348.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021009 XSS in Authoria HR Suite", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/294624" - }, - { - "name" : "5932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5932" - }, - { - "name" : "authoria-hr-athcgi-xss(10324)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10324.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021009 XSS in Authoria HR Suite", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/294624" + }, + { + "name": "authoria-hr-athcgi-xss(10324)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10324.php" + }, + { + "name": "5932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5932" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0580.json b/2005/0xxx/CVE-2005-0580.json index 9e212396461..004854987fd 100644 --- a/2005/0xxx/CVE-2005-0580.json +++ b/2005/0xxx/CVE-2005-0580.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200502-30", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200502-30.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200502-30", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200502-30.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0673.json b/2005/0xxx/CVE-2005-0673.json index 487e5d2f0f3..6d3d3e479c4 100644 --- a/2005/0xxx/CVE-2005-0673.json +++ b/2005/0xxx/CVE-2005-0673.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://neosecurityteam.tk/index.php?pagina=advisories&id=8", - "refsource" : "MISC", - "url" : "http://neosecurityteam.tk/index.php?pagina=advisories&id=8" - }, - { - "name" : "1013362", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013362" - }, - { - "name" : "14475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013362", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013362" + }, + { + "name": "http://neosecurityteam.tk/index.php?pagina=advisories&id=8", + "refsource": "MISC", + "url": "http://neosecurityteam.tk/index.php?pagina=advisories&id=8" + }, + { + "name": "14475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14475" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0885.json b/2005/0xxx/CVE-2005-0885.json index 80d6bf86bfd..86b591f0ad2 100644 --- a/2005/0xxx/CVE-2005-0885.json +++ b/2005/0xxx/CVE-2005-0885.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) \"Send To\" fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12886", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12886" - }, - { - "name" : "1013515", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) \"Send To\" fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12886", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12886" + }, + { + "name": "1013515", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013515" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1412.json b/2005/1xxx/CVE-2005-1412.json index 8129f3850b4..e67f7c28d40 100644 --- a/2005/1xxx/CVE-2005-1412.json +++ b/2005/1xxx/CVE-2005-1412.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15967", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15967" - }, - { - "name" : "15190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15967", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15967" + }, + { + "name": "15190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15190" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1497.json b/2005/1xxx/CVE-2005-1497.json index ea4b0309292..34870075b31 100644 --- a/2005/1xxx/CVE-2005-1497.json +++ b/2005/1xxx/CVE-2005-1497.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050505 Multiple vulnerabilities in myBloggie 2.1.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111531904608224&w=2" - }, - { - "name" : "http://mywebland.com/forums/viewtopic.php?t=180", - "refsource" : "MISC", - "url" : "http://mywebland.com/forums/viewtopic.php?t=180" - }, - { - "name" : "mybloggie-postid-path-disclosure(20433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mywebland.com/forums/viewtopic.php?t=180", + "refsource": "MISC", + "url": "http://mywebland.com/forums/viewtopic.php?t=180" + }, + { + "name": "mybloggie-postid-path-disclosure(20433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20433" + }, + { + "name": "20050505 Multiple vulnerabilities in myBloggie 2.1.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111531904608224&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1576.json b/2005/1xxx/CVE-2005-1576.json index 9f4372b95c8..f857cbc0cec 100644 --- a/2005/1xxx/CVE-2005-1576.json +++ b/2005/1xxx/CVE-2005-1576.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when \"Save to Disk\" is selected, which allows remote attackers to hide the real file types of downloaded files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2004-11/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2004-11/advisory/" - }, - { - "name" : "16432", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16432" - }, - { - "name" : "12979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when \"Save to Disk\" is selected, which allows remote attackers to hide the real file types of downloaded files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16432", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16432" + }, + { + "name": "http://secunia.com/secunia_research/2004-11/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2004-11/advisory/" + }, + { + "name": "12979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12979" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4815.json b/2005/4xxx/CVE-2005-4815.json index 4a5d770aa27..5be0bf58451 100644 --- a/2005/4xxx/CVE-2005-4815.json +++ b/2005/4xxx/CVE-2005-4815.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the \"FX SAP R/3 gwrd vuln.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061112 Old SAP exploits", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451378/100/0/threaded" - }, - { - "name" : "[Darklab] 20060905 SAP security/auditing", - "refsource" : "MLIST", - "url" : "http://lists.virus.org/darklab-0509/msg00011.html" - }, - { - "name" : "[Darklab] 20060907 Re: SAP security/auditing", - "refsource" : "MLIST", - "url" : "http://lists.virus.org/darklab-0509/msg00017.html" - }, - { - "name" : "[Darklab] 20060908 Re: SAP security/auditing", - "refsource" : "MLIST", - "url" : "http://lists.virus.org/darklab-0509/msg00018.html" - }, - { - "name" : "[Darklab] 20060131 SAP security/auditing", - "refsource" : "MLIST", - "url" : "http://lists.darklab.org/pipermail/darklab/2006-January/000209.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the \"FX SAP R/3 gwrd vuln.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Darklab] 20060907 Re: SAP security/auditing", + "refsource": "MLIST", + "url": "http://lists.virus.org/darklab-0509/msg00017.html" + }, + { + "name": "[Darklab] 20060905 SAP security/auditing", + "refsource": "MLIST", + "url": "http://lists.virus.org/darklab-0509/msg00011.html" + }, + { + "name": "[Darklab] 20060131 SAP security/auditing", + "refsource": "MLIST", + "url": "http://lists.darklab.org/pipermail/darklab/2006-January/000209.html" + }, + { + "name": "[Darklab] 20060908 Re: SAP security/auditing", + "refsource": "MLIST", + "url": "http://lists.virus.org/darklab-0509/msg00018.html" + }, + { + "name": "20061112 Old SAP exploits", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0248.json b/2009/0xxx/CVE-2009-0248.json index 0b44d8a80b2..f099d163ee7 100644 --- a/2009/0xxx/CVE-2009-0248.json +++ b/2009/0xxx/CVE-2009-0248.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7805", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7805" - }, - { - "name" : "33324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33324" - }, - { - "name" : "rankem-rankup-xss(48071)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48071" - }, - { - "name" : "rankem-siteid-xss(48072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rankem-rankup-xss(48071)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48071" + }, + { + "name": "33324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33324" + }, + { + "name": "7805", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7805" + }, + { + "name": "rankem-siteid-xss(48072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48072" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0447.json b/2009/0xxx/CVE-2009-0447.json index 83936b99712..2bdc65370ff 100644 --- a/2009/0xxx/CVE-2009-0447.json +++ b/2009/0xxx/CVE-2009-0447.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7963", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7963" - }, - { - "name" : "33593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33593" - }, - { - "name" : "51754", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51754" - }, - { - "name" : "33771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33593" + }, + { + "name": "33771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33771" + }, + { + "name": "51754", + "refsource": "OSVDB", + "url": "http://osvdb.org/51754" + }, + { + "name": "7963", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7963" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0642.json b/2009/0xxx/CVE-2009-0642.json index f4173a783f7..07d607656f5 100644 --- a/2009/0xxx/CVE-2009-0642.json +++ b/2009/0xxx/CVE-2009-0642.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528" - }, - { - "name" : "http://redmine.ruby-lang.org/issues/show/1091", - "refsource" : "CONFIRM", - "url" : "http://redmine.ruby-lang.org/issues/show/1091" - }, - { - "name" : "MDVSA-2009:193", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:193" - }, - { - "name" : "RHSA-2009:1140", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1140.html" - }, - { - "name" : "USN-805-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-805-1" - }, - { - "name" : "33769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33769" - }, - { - "name" : "oval:org.mitre.oval:def:11450", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450" - }, - { - "name" : "1022505", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022505" - }, - { - "name" : "33750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33750" - }, - { - "name" : "35699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35699" - }, - { - "name" : "35937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35937" - }, - { - "name" : "ruby-ocspbasicverify-spoofing(48761)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35937" + }, + { + "name": "http://redmine.ruby-lang.org/issues/show/1091", + "refsource": "CONFIRM", + "url": "http://redmine.ruby-lang.org/issues/show/1091" + }, + { + "name": "ruby-ocspbasicverify-spoofing(48761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48761" + }, + { + "name": "RHSA-2009:1140", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1140.html" + }, + { + "name": "USN-805-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-805-1" + }, + { + "name": "33769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33769" + }, + { + "name": "1022505", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022505" + }, + { + "name": "oval:org.mitre.oval:def:11450", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450" + }, + { + "name": "35699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35699" + }, + { + "name": "MDVSA-2009:193", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:193" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528" + }, + { + "name": "33750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33750" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0915.json b/2009/0xxx/CVE-2009-0915.json index f6d358c7c6d..74cf83e7d18 100644 --- a/2009/0xxx/CVE-2009-0915.json +++ b/2009/0xxx/CVE-2009-0915.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/freebsd/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/freebsd/964/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/linux/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/964/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/964/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/solaris/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/solaris/964/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/964/" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "33961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33961" - }, - { - "name" : "oval:org.mitre.oval:def:6220", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6220" - }, - { - "name" : "34135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34135" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - }, - { - "name" : "ADV-2009-0586", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "34135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34135" + }, + { + "name": "http://www.opera.com/docs/changelogs/solaris/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/solaris/964/" + }, + { + "name": "http://www.opera.com/docs/changelogs/linux/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/964/" + }, + { + "name": "oval:org.mitre.oval:def:6220", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6220" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/964/" + }, + { + "name": "33961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33961" + }, + { + "name": "ADV-2009-0586", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0586" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/964/" + }, + { + "name": "http://www.opera.com/docs/changelogs/freebsd/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/freebsd/964/" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1486.json b/2009/1xxx/CVE-2009-1486.json index 1a8abacabd1..5c010fc44db 100644 --- a/2009/1xxx/CVE-2009-1486.json +++ b/2009/1xxx/CVE-2009-1486.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8549", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8549" - }, - { - "name" : "34904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8549", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8549" + }, + { + "name": "34904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34904" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1523.json b/2009/1xxx/CVE-2009-1523.json index c3383a337d8..df9abf8c5e7 100644 --- a/2009/1xxx/CVE-2009-1523.json +++ b/2009/1xxx/CVE-2009-1523.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jira.codehaus.org/browse/JETTY-1004", - "refsource" : "CONFIRM", - "url" : "http://jira.codehaus.org/browse/JETTY-1004" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/CRDY-7RKQCY", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/CRDY-7RKQCY" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=499867", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=499867" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "FEDORA-2009-5500", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html" - }, - { - "name" : "FEDORA-2009-5509", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html" - }, - { - "name" : "FEDORA-2009-5513", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html" - }, - { - "name" : "HPSBMA02553", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" - }, - { - "name" : "SSRT100184", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" - }, - { - "name" : "VU#402580", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/402580" - }, - { - "name" : "34800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34800" - }, - { - "name" : "35675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35675" - }, - { - "name" : "1022563", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022563" - }, - { - "name" : "34975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34975" - }, - { - "name" : "35143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35143" - }, - { - "name" : "35225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35225" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "40553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40553" - }, - { - "name" : "ADV-2009-1900", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "ADV-2010-1792", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34800" + }, + { + "name": "http://jira.codehaus.org/browse/JETTY-1004", + "refsource": "CONFIRM", + "url": "http://jira.codehaus.org/browse/JETTY-1004" + }, + { + "name": "ADV-2010-1792", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1792" + }, + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "FEDORA-2009-5513", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html" + }, + { + "name": "SSRT100184", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" + }, + { + "name": "1022563", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022563" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "FEDORA-2009-5500", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=499867", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499867" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "34975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34975" + }, + { + "name": "35675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35675" + }, + { + "name": "http://www.kb.cert.org/vuls/id/CRDY-7RKQCY", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/CRDY-7RKQCY" + }, + { + "name": "35225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35225" + }, + { + "name": "35143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35143" + }, + { + "name": "40553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40553" + }, + { + "name": "HPSBMA02553", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" + }, + { + "name": "VU#402580", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/402580" + }, + { + "name": "FEDORA-2009-5509", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1568.json b/2009/1xxx/CVE-2009-1568.json index daad21128b5..2add9f1450f 100644 --- a/2009/1xxx/CVE-2009-1568.json +++ b/2009/1xxx/CVE-2009-1568.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-1568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091208 Secunia Research: Novell iPrint Client \"target-frame\" Parameter Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508289/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-40/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-40/" - }, - { - "name" : "http://download.novell.com/Download?buildid=29T3EFRky18~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=29T3EFRky18~" - }, - { - "name" : "37242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37242" - }, - { - "name" : "37169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37169" - }, - { - "name" : "ADV-2009-3429", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.novell.com/Download?buildid=29T3EFRky18~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=29T3EFRky18~" + }, + { + "name": "20091208 Secunia Research: Novell iPrint Client \"target-frame\" Parameter Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508289/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2009-40/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-40/" + }, + { + "name": "ADV-2009-3429", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3429" + }, + { + "name": "37242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37242" + }, + { + "name": "37169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37169" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4489.json b/2009/4xxx/CVE-2009-4489.json index 6061376affb..b865e266382 100644 --- a/2009/4xxx/CVE-2009-4489.json +++ b/2009/4xxx/CVE-2009-4489.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508830/100/0/threaded" - }, - { - "name" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" - }, - { - "name" : "http://svn.cherokee-project.com/changeset/3944", - "refsource" : "CONFIRM", - "url" : "http://svn.cherokee-project.com/changeset/3944" - }, - { - "name" : "http://svn.cherokee-project.com/changeset/3977", - "refsource" : "CONFIRM", - "url" : "http://svn.cherokee-project.com/changeset/3977" - }, - { - "name" : "37715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37715" - }, - { - "name" : "37933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37933" - }, - { - "name" : "ADV-2010-0090", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.cherokee-project.com/changeset/3944", + "refsource": "CONFIRM", + "url": "http://svn.cherokee-project.com/changeset/3944" + }, + { + "name": "37933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37933" + }, + { + "name": "ADV-2010-0090", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0090" + }, + { + "name": "37715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37715" + }, + { + "name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" + }, + { + "name": "http://svn.cherokee-project.com/changeset/3977", + "refsource": "CONFIRM", + "url": "http://svn.cherokee-project.com/changeset/3977" + }, + { + "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5049.json b/2009/5xxx/CVE-2009-5049.json index 5619edc74b1..eb2baaeab84 100644 --- a/2009/5xxx/CVE-2009-5049.json +++ b/2009/5xxx/CVE-2009-5049.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5049", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5049", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2185.json b/2012/2xxx/CVE-2012-2185.json index 0415ec03c98..12f6be3eb06 100644 --- a/2012/2xxx/CVE-2012-2185.json +++ b/2012/2xxx/CVE-2012-2185.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" - }, - { - "name" : "IV17942", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" - }, - { - "name" : "85183", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85183" - }, - { - "name" : "50551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50551" - }, - { - "name" : "ibm-maximo-info-disclosure(75784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50551" + }, + { + "name": "ibm-maximo-info-disclosure(75784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" + }, + { + "name": "85183", + "refsource": "OSVDB", + "url": "http://osvdb.org/85183" + }, + { + "name": "IV17942", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2327.json b/2012/2xxx/CVE-2012-2327.json index ceac618f80e..b299ca35d26 100644 --- a/2012/2xxx/CVE-2012-2327.json +++ b/2012/2xxx/CVE-2012-2327.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120507 CVE request: mybb before 1.6.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/13" - }, - { - "name" : "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/14" - }, - { - "name" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" - }, - { - "name" : "53417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53417" + }, + { + "name": "[oss-security] 20120507 CVE request: mybb before 1.6.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/13" + }, + { + "name": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" + }, + { + "name": "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/14" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2499.json b/2012/2xxx/CVE-2012-2499.json index 94401e08453..ade7efefbd5 100644 --- a/2012/2xxx/CVE-2012-2499.json +++ b/2012/2xxx/CVE-2012-2499.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-2499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2892.json b/2012/2xxx/CVE-2012-2892.json index 3d3c21f25d1..4870b25278e 100644 --- a/2012/2xxx/CVE-2012-2892.json +++ b/2012/2xxx/CVE-2012-2892.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=144704", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=144704" - }, - { - "name" : "openSUSE-SU-2012:1376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:15807", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15807" - }, - { - "name" : "google-chrome-cve20122892(78843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-chrome-cve20122892(78843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78843" + }, + { + "name": "oval:org.mitre.oval:def:15807", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15807" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=144704", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=144704" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" + }, + { + "name": "openSUSE-SU-2012:1376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3015.json b/2012/3xxx/CVE-2012-3015.json index 2c18ef121cd..5371de7d9c2 100644 --- a/2012/3xxx/CVE-2012-3015.json +++ b/2012/3xxx/CVE-2012-3015.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-3015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6141.json b/2012/6xxx/CVE-2012-6141.json index ea8a5691e00..1e2541e1c96 100644 --- a/2012/6xxx/CVE-2012-6141.json +++ b/2012/6xxx/CVE-2012-6141.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130514 Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/318" - }, - { - "name" : "appcontext-cve20126141-sec-bypass(84198)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130514 Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/318" + }, + { + "name": "appcontext-cve20126141-sec-bypass(84198)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84198" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6370.json b/2012/6xxx/CVE-2012-6370.json index 84a647839ea..fc7e74a8720 100644 --- a/2012/6xxx/CVE-2012-6370.json +++ b/2012/6xxx/CVE-2012-6370.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6370", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6370", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1230.json b/2015/1xxx/CVE-2015-1230.json index 8dc1dac537a..966a326c749 100644 --- a/2015/1xxx/CVE-2015-1230.json +++ b/2015/1xxx/CVE-2015-1230.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers \"type confusion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=449610", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=449610" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=189006&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=189006&view=revision" - }, - { - "name" : "GLSA-201503-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-12" - }, - { - "name" : "RHSA-2015:0627", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0627.html" - }, - { - "name" : "USN-2521-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2521-1" - }, - { - "name" : "72901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers \"type confusion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2521-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2521-1" + }, + { + "name": "72901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72901" + }, + { + "name": "GLSA-201503-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-12" + }, + { + "name": "RHSA-2015:0627", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=449610", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=449610" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=189006&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=189006&view=revision" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1715.json b/2015/1xxx/CVE-2015-1715.json index 90cba4c39f4..ae2241bd457 100644 --- a/2015/1xxx/CVE-2015-1715.json +++ b/2015/1xxx/CVE-2015-1715.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka \"Microsoft Silverlight Out of Browser Application Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-049", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-049" - }, - { - "name" : "1032298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka \"Microsoft Silverlight Out of Browser Application Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-049", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-049" + }, + { + "name": "1032298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032298" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5545.json b/2015/5xxx/CVE-2015-5545.json index d89dfa6ee01..3e62b7cf552 100644 --- a/2015/5xxx/CVE-2015-5545.json +++ b/2015/5xxx/CVE-2015-5545.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201508-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-01" - }, - { - "name" : "RHSA-2015:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "76283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76283" - }, - { - "name" : "1033235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "76283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76283" + }, + { + "name": "GLSA-201508-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-01" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "1033235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033235" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "RHSA-2015:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5604.json b/2015/5xxx/CVE-2015-5604.json index 7405a51213c..c4ac3bad49f 100644 --- a/2015/5xxx/CVE-2015-5604.json +++ b/2015/5xxx/CVE-2015-5604.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5604", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5604", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5893.json b/2015/5xxx/CVE-2015-5893.json index 3ac74151751..88b9d9203d9 100644 --- a/2015/5xxx/CVE-2015-5893.json +++ b/2015/5xxx/CVE-2015-5893.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76908" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "76908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76908" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5918.json b/2015/5xxx/CVE-2015-5918.json index ef13fc9e699..5af4067cb44 100644 --- a/2015/5xxx/CVE-2015-5918.json +++ b/2015/5xxx/CVE-2015-5918.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "1033620", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "1033620", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033620" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2175.json b/2017/2xxx/CVE-2017-2175.json index 96510d10e1b..d003444843b 100644 --- a/2017/2xxx/CVE-2017-2175.json +++ b/2017/2xxx/CVE-2017-2175.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Empirical Project Monitor - eXtended", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - } - ] - }, - "vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Empirical Project Monitor - eXtended", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + }, + "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ipa.go.jp/sec/info/20170519.html", - "refsource" : "CONFIRM", - "url" : "https://www.ipa.go.jp/sec/info/20170519.html" - }, - { - "name" : "JVN#12493656", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN12493656/index.html" - }, - { - "name" : "JVNDB-2017-000098", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ipa.go.jp/sec/info/20170519.html", + "refsource": "CONFIRM", + "url": "https://www.ipa.go.jp/sec/info/20170519.html" + }, + { + "name": "JVN#12493656", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN12493656/index.html" + }, + { + "name": "JVNDB-2017-000098", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11371.json b/2018/11xxx/CVE-2018-11371.json index 41831273c5e..93b4da160ff 100644 --- a/2018/11xxx/CVE-2018-11371.json +++ b/2018/11xxx/CVE-2018-11371.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SkyCaiji 1.2 allows CSRF to add an Administrator user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zorlan/skycaiji/issues/9", - "refsource" : "MISC", - "url" : "https://github.com/zorlan/skycaiji/issues/9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SkyCaiji 1.2 allows CSRF to add an Administrator user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zorlan/skycaiji/issues/9", + "refsource": "MISC", + "url": "https://github.com/zorlan/skycaiji/issues/9" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11524.json b/2018/11xxx/CVE-2018-11524.json index bb1cf4e9643..a97b6f680e8 100644 --- a/2018/11xxx/CVE-2018-11524.json +++ b/2018/11xxx/CVE-2018-11524.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11524", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11524", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11642.json b/2018/11xxx/CVE-2018-11642.json index 4af083379af..cbc6e4f8c45 100644 --- a/2018/11xxx/CVE-2018-11642.json +++ b/2018/11xxx/CVE-2018-11642.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://d3adend.org/blog/?p=1398", - "refsource" : "MISC", - "url" : "https://d3adend.org/blog/?p=1398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://d3adend.org/blog/?p=1398", + "refsource": "MISC", + "url": "https://d3adend.org/blog/?p=1398" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11917.json b/2018/11xxx/CVE-2018-11917.json index 7f0bc1ffd96..8c76cbe8607 100644 --- a/2018/11xxx/CVE-2018-11917.json +++ b/2018/11xxx/CVE-2018-11917.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11917", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15750.json b/2018/15xxx/CVE-2018-15750.json index fcdf4c99111..abcbc36bac0 100644 --- a/2018/15xxx/CVE-2018-15750.json +++ b/2018/15xxx/CVE-2018-15750.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[salt-users] 20181024 2017.7.8 Released - Security Advisory", - "refsource" : "MLIST", - "url" : "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ" - }, - { - "name" : "[salt-users] 20181024 2018.3.3 Released - Security Advisory", - "refsource" : "MLIST", - "url" : "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ" - }, - { - "name" : "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html", - "refsource" : "CONFIRM", - "url" : "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html" - }, - { - "name" : "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html", - "refsource" : "CONFIRM", - "url" : "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html", + "refsource": "CONFIRM", + "url": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html" + }, + { + "name": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html", + "refsource": "CONFIRM", + "url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html" + }, + { + "name": "[salt-users] 20181024 2018.3.3 Released - Security Advisory", + "refsource": "MLIST", + "url": "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ" + }, + { + "name": "[salt-users] 20181024 2017.7.8 Released - Security Advisory", + "refsource": "MLIST", + "url": "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15764.json b/2018/15xxx/CVE-2018-15764.json index a9397e748b2..1e24e98cac6 100644 --- a/2018/15xxx/CVE-2018-15764.json +++ b/2018/15xxx/CVE-2018-15764.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-09-24T10:54:00.000Z", - "ID" : "CVE-2018-15764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ESRS Policy Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.8" - } - ] - } - } - ] - }, - "vendor_name" : "DELL EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.8, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution vulnerability " - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-09-24T10:54:00.000Z", + "ID": "CVE-2018-15764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ESRS Policy Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.8" + } + ] + } + } + ] + }, + "vendor_name": "DELL EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180924 DSA-2018-158: Dell EMC ESRS Policy Manager Remote Code Execution Vulnerability", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/47" - }, - { - "name" : "105405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105405" - }, - { - "name" : "1041714", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041714" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041714", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041714" + }, + { + "name": "20180924 DSA-2018-158: Dell EMC ESRS Policy Manager Remote Code Execution Vulnerability", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/47" + }, + { + "name": "105405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105405" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15825.json b/2018/15xxx/CVE-2018-15825.json index 4b7e75b78b1..857509ce46d 100644 --- a/2018/15xxx/CVE-2018-15825.json +++ b/2018/15xxx/CVE-2018-15825.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15825", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15825", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15959.json b/2018/15xxx/CVE-2018-15959.json index d64661f332c..15e1e0705a8 100644 --- a/2018/15xxx/CVE-2018-15959.json +++ b/2018/15xxx/CVE-2018-15959.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ColdFusion", - "version" : { - "version_data" : [ - { - "version_value" : "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Deserialization of untrusted data" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" - }, - { - "name" : "105313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105313" - }, - { - "name" : "1041621", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of untrusted data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" + }, + { + "name": "1041621", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041621" + }, + { + "name": "105313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105313" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3206.json b/2018/3xxx/CVE-2018-3206.json index 6c0fbd7f6dd..2d138e436bc 100644 --- a/2018/3xxx/CVE-2018-3206.json +++ b/2018/3xxx/CVE-2018-3206.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105598" - }, - { - "name" : "1041891", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105598" + }, + { + "name": "1041891", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041891" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3952.json b/2018/3xxx/CVE-2018-3952.json index 2c46ea60baa..1b196a45df6 100644 --- a/2018/3xxx/CVE-2018-3952.json +++ b/2018/3xxx/CVE-2018-3952.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-09-07T00:00:00", - "ID" : "CVE-2018-3952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NordVPN", - "version" : { - "version_data" : [ - { - "version_value" : "NordVPN 6.14.28.0" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-09-07T00:00:00", + "ID": "CVE-2018-3952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NordVPN", + "version": { + "version_data": [ + { + "version_value": "NordVPN 6.14.28.0" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0622", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0622" - }, - { - "name" : "105312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0622", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0622" + }, + { + "name": "105312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105312" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8503.json b/2018/8xxx/CVE-2018-8503.json index 2e40903c608..a20c48d549b 100644 --- a/2018/8xxx/CVE-2018-8503.json +++ b/2018/8xxx/CVE-2018-8503.json @@ -1,124 +1,124 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8503", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8503" - }, - { - "name" : "105464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105464" - }, - { - "name" : "1041825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041825" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8503", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8503" + }, + { + "name": "105464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105464" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8582.json b/2018/8xxx/CVE-2018-8582.json index 8b83206a225..667a16a6236 100644 --- a/2018/8xxx/CVE-2018-8582.json +++ b/2018/8xxx/CVE-2018-8582.json @@ -1,116 +1,116 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2019 for 32-bit editions" - }, - { - "version_value" : "2019 for 64-bit editions" - } - ] - } - }, - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "365 ProPlus for 32-bit Systems" - }, - { - "version_value" : "365 ProPlus for 64-bit Systems" - } - ] - } - }, - { - "product_name" : "Microsoft Outlook", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "365 ProPlus for 32-bit Systems" + }, + { + "version_value": "365 ProPlus for 64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Outlook", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8582", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8582" - }, - { - "name" : "105825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105825" - }, - { - "name" : "1042110", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042110", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042110" + }, + { + "name": "105825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105825" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8582", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8582" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8720.json b/2018/8xxx/CVE-2018-8720.json index bb31b2e6a40..1b4ecdd776b 100644 --- a/2018/8xxx/CVE-2018-8720.json +++ b/2018/8xxx/CVE-2018-8720.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/137427/ServiceNow-ITSM-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/137427/ServiceNow-ITSM-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/137427/ServiceNow-ITSM-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/137427/ServiceNow-ITSM-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8766.json b/2018/8xxx/CVE-2018-8766.json index d3c5451e93f..ebac660b3d4 100644 --- a/2018/8xxx/CVE-2018-8766.json +++ b/2018/8xxx/CVE-2018-8766.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/joyplus/joyplus-cms/issues/421", - "refsource" : "MISC", - "url" : "https://github.com/joyplus/joyplus-cms/issues/421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/joyplus/joyplus-cms/issues/421", + "refsource": "MISC", + "url": "https://github.com/joyplus/joyplus-cms/issues/421" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8924.json b/2018/8xxx/CVE-2018-8924.json index 1c4eb12e63b..3d38d32f894 100644 --- a/2018/8xxx/CVE-2018-8924.json +++ b/2018/8xxx/CVE-2018-8924.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2018-06-05T00:00:00", - "ID" : "CVE-2018-8924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "3.0.3-2143" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2018-06-05T00:00:00", + "ID": "CVE-2018-8924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "3.0.3-2143" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_12", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_12", + "refsource": "CONFIRM", + "url": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_12" + } + ] + } +} \ No newline at end of file