diff --git a/1999/1xxx/CVE-1999-1487.json b/1999/1xxx/CVE-1999-1487.json index 3c37bd57765..ea67c71c667 100644 --- a/1999/1xxx/CVE-1999-1487.json +++ b/1999/1xxx/CVE-1999-1487.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IX74599", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/servlet/support/manager?rt=0&rs=0&org=apars&doc=41D8B61D1E1C4FAB852567C9002C546C" - }, - { - "name" : "405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/405" - }, - { - "name" : "aix-digest(7477)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7477.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IX74599", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/servlet/support/manager?rt=0&rs=0&org=apars&doc=41D8B61D1E1C4FAB852567C9002C546C" + }, + { + "name": "aix-digest(7477)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7477.php" + }, + { + "name": "405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/405" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1213.json b/2000/1xxx/CVE-2000-1213.json index eb37df67bbf..551d4ea71cf 100644 --- a/2000/1xxx/CVE-2000-1213.json +++ b/2000/1xxx/CVE-2000-1213.json 
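Review bot: The new side of this file ends with `\ No newline at end of file` after the closing `}`, while the old side carries no such marker, so the rewrite apparently drops the trailing newline; the serializer should emit a final newline. The same hunk also reorders the `reference_data` entries (the BID `405` and XF `aix-digest(7477)` entries swap places) on top of the `" : "` to `": "` spacing change, which makes it hard to confirm by eye that no reference was dropped or altered. Writing references in a stable order, for example the order of the old record, would keep a formatting-only commit reviewable. Both points recur in the other file sections of this diff, for example CVE-2000-1213 and CVE-2005-0470.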
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001025 Immunix OS Security Update for ping package", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97249980727834&w=2" - }, - { - "name" : "20001030 Trustix Security Advisory - ping gnupg ypbind", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html" - }, - { - "name" : "RHSA-2000:087", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-087.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ping in iputils before 20001010, as distributed 
on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2000:087", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-087.html" + }, + { + "name": "20001025 Immunix OS Security Update for ping package", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97249980727834&w=2" + }, + { + "name": "20001030 Trustix Security Advisory - ping gnupg ypbind", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0470.json b/2005/0xxx/CVE-2005-0470.json index 85e414d6619..ee745bae83b 100644 --- a/2005/0xxx/CVE-2005-0470.json +++ b/2005/0xxx/CVE-2005-0470.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200502-22", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml" - }, - { - "name" : "[HostAP] 20050213 wpa_supplicant - new stable releases v0.3.8 and v0.2.7", - "refsource" : "MLIST", - "url" : "http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html" - }, - { - "name" : "1013226", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013226" - }, - { - "name" : "14313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14313" - }, - { - "name" : "wpasupplicant-bo(19357)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[HostAP] 20050213 wpa_supplicant - new stable releases v0.3.8 and v0.2.7", + "refsource": "MLIST", + "url": "http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html" + }, + { + "name": "wpasupplicant-bo(19357)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19357" + }, + { + "name": "GLSA-200502-22", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml" + }, + { + "name": "14313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14313" + }, + { + "name": "1013226", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013226" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0661.json b/2005/0xxx/CVE-2005-0661.json index fb7766dbcbf..b49d0803d72 100644 --- a/2005/0xxx/CVE-2005-0661.json +++ b/2005/0xxx/CVE-2005-0661.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1013351", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013351" - }, - { - "name" : "14450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14450" + }, + { + "name": "1013351", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013351" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2446.json b/2005/2xxx/CVE-2005-2446.json index 3cc6bbce6ad..66982782701 100644 --- a/2005/2xxx/CVE-2005-2446.json +++ b/2005/2xxx/CVE-2005-2446.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2446", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2369. Reason: This candidate is a duplicate of CVE-2005-2369. Notes: All CVE users should reference CVE-2005-2369 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-2446", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2369. Reason: This candidate is a duplicate of CVE-2005-2369. Notes: All CVE users should reference CVE-2005-2369 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2634.json b/2005/2xxx/CVE-2005-2634.json index 20b4a1b8778..55b12afecf2 100644 --- a/2005/2xxx/CVE-2005-2634.json +++ b/2005/2xxx/CVE-2005-2634.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Log-SCR function in the \"Log to Screen\" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050817 Unicode Buffer Overflow in WinFtp Server 1.6.8", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112431455512374&w=2" - }, - { - "name" : "20050817 Unicode Buffer Overflow in WinFtp Server 1.6.8", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036173.html" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/WinFtpServer1.6.8-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/WinFtpServer1.6.8-adv.txt" - }, - { - "name" : "14581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14581" - }, - { - "name" : "16461", - "refsource" : "SECUNIA", - "url" 
: "http://secunia.com/advisories/16461/" - }, - { - "name" : "win-ftp-log-scr-bo(21873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Log-SCR function in the \"Log to Screen\" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.autistici.org/fdonato/advisory/WinFtpServer1.6.8-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/WinFtpServer1.6.8-adv.txt" + }, + { + "name": "win-ftp-log-scr-bo(21873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21873" + }, + { + "name": "14581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14581" + }, + { + "name": "16461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16461/" + }, + { + "name": "20050817 Unicode Buffer Overflow in WinFtp Server 1.6.8", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112431455512374&w=2" + }, + { + "name": "20050817 Unicode Buffer Overflow in WinFtp Server 1.6.8", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036173.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2672.json b/2005/2xxx/CVE-2005-2672.json index d775f3f1ae7..63c3020ea33 100644 --- a/2005/2xxx/CVE-2005-2672.json +++ b/2005/2xxx/CVE-2005-2672.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-814", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-814" - }, - { - "name" : "MDKSA-2005:149", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149" - }, - { - "name" : "RHSA-2005:825", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-825.html" - }, - { - "name" : "USN-172-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/172-1/" - }, - { - "name" : "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", - "refsource" : 
"CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193" - }, - { - "name" : "14624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14624" - }, - { - "name" : "oval:org.mitre.oval:def:9993", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993" - }, - { - "name" : "ADV-2005-1492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1492" - }, - { - "name" : "1015180", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015180" - }, - { - "name" : "16501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16501" - }, - { - "name" : "17499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17499" - }, - { - "name" : "17535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES", + "refsource": "CONFIRM", + "url": "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193" + }, + { + "name": "1015180", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015180" + }, + { + "name": "USN-172-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/172-1/" + }, + { + "name": "17535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17535" + }, + { + "name": "16501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16501" + }, + { + "name": "RHSA-2005:825", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-825.html" + }, + { + "name": "oval:org.mitre.oval:def:9993", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993" + }, + { + "name": "14624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14624" + }, + { + "name": "MDKSA-2005:149", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149" + }, + { + "name": "17499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17499" + }, + { + "name": "ADV-2005-1492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1492" + }, + { + "name": "DSA-814", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-814" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2987.json b/2005/2xxx/CVE-2005-2987.json index f15a8e7dde7..5bdf46f0be5 100644 --- a/2005/2xxx/CVE-2005-2987.json 
+++ b/2005/2xxx/CVE-2005-2987.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050915 Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112680124115325&w=2" - }, - { - "name" : "http://rgod.altervista.org/dscribe14.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/dscribe14.html" - }, - { - "name" : "14843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14843" - }, - { - "name" : "ADV-2005-1757", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1757" - }, - { - "name" : "19460", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19460" - }, - { - "name" : "1014909", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014909" - }, - { - "name" : "16841", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16841/" - }, - { - "name" : "10", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/10" - }, - { - "name" : "digitalscribe-login-sql-injection(22286)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050915 Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112680124115325&w=2" + }, + { + "name": "14843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14843" + }, + { + "name": "16841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16841/" + }, + { + "name": "10", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/10" + }, + { + "name": "1014909", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014909" + }, + { + "name": "digitalscribe-login-sql-injection(22286)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22286" + }, + { + "name": "ADV-2005-1757", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1757" + }, + { + "name": "19460", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19460" + }, + { + "name": "http://rgod.altervista.org/dscribe14.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/dscribe14.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/3xxx/CVE-2005-3173.json b/2005/3xxx/CVE-2005-3173.json index 16a31f27696..46d0502c990 100644 --- a/2005/3xxx/CVE-2005-3173.json +++ b/2005/3xxx/CVE-2005-3173.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "900345", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/900345" - }, - { - "name" : "821102", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/821102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "821102", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/821102" + }, + { + "name": "900345", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/900345" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3508.json b/2005/3xxx/CVE-2005-3508.json index 26904301a52..54fbd6ef425 100644 --- a/2005/3xxx/CVE-2005-3508.json +++ b/2005/3xxx/CVE-2005-3508.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051104 Gallery_v2.4 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415806/30/0/threaded" - }, - { - "name" : "15313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15313" - }, - { - "name" : "ADV-2005-2309", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2309" - }, - { - "name" : "20523", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20523" - }, - { - "name" : "1015162", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015162" - }, - { - "name" : "17453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2309", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2309" + }, + { + "name": "1015162", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015162" + }, + { + "name": "20523", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20523" + }, + { + "name": "17453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17453" + }, + { + "name": "15313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15313" + }, + { + "name": "20051104 Gallery_v2.4 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415806/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3555.json b/2005/3xxx/CVE-2005-3555.json index 575a0d2d7a1..6cfa0b1a70f 100644 --- a/2005/3xxx/CVE-2005-3555.json +++ b/2005/3xxx/CVE-2005-3555.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051107 [TKADV2005-11-001] Multiple vulnerabilities in PHPlist", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416005/30/0/threaded" - }, - { - "name" : "http://www.trapkit.de/advisories/TKADV2005-11-001.txt", - "refsource" : "MISC", - "url" : "http://www.trapkit.de/advisories/TKADV2005-11-001.txt" - }, - { - "name" : "15350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15350" - }, - { - "name" : "ADV-2005-2345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2345" - }, - { - "name" : "20567", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/20567" - }, - { - "name" : "20568", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/20568" - }, - { - "name" : "17476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.trapkit.de/advisories/TKADV2005-11-001.txt", + "refsource": "MISC", + "url": "http://www.trapkit.de/advisories/TKADV2005-11-001.txt" + }, + { + "name": "20051107 [TKADV2005-11-001] Multiple vulnerabilities in PHPlist", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416005/30/0/threaded" + }, + { + "name": "ADV-2005-2345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2345" + }, + { + "name": "20568", + "refsource": "OSVDB", + "url": "http://osvdb.org/20568" + }, + { + "name": "20567", + "refsource": "OSVDB", + "url": "http://osvdb.org/20567" + }, + { + "name": "17476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17476" + }, + { + "name": "15350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15350" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3929.json b/2005/3xxx/CVE-2005-3929.json index 4de84e2b5ab..1c6ef64fd96 100644 --- a/2005/3xxx/CVE-2005-3929.json +++ b/2005/3xxx/CVE-2005-3929.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via \"..\" sequences in the module parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051129 Xaraya <= 1.0.0 RC4 D.O.S / file corruption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418087/100/0/threaded" - }, - { - "name" : "20051130 Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418191/100/0/threaded" - }, - { - "name" : "20051130 Re: Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418209/100/0/threaded" - }, - { - "name" : "http://rgod.altervista.org/xaraya1DOS.hmtl", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/xaraya1DOS.hmtl" - }, - { - "name" : "15623", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15623" - }, - { - "name" : "ADV-2005-2665", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2665" - }, - { - "name" : "17788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17788" - }, - { - "name" : "217", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via \"..\" sequences in the module parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051129 Xaraya <= 1.0.0 RC4 D.O.S / file corruption", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418087/100/0/threaded" + }, + { + "name": "ADV-2005-2665", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2665" + }, + { + "name": "http://rgod.altervista.org/xaraya1DOS.hmtl", + "refsource": "MISC", + "url": "http://rgod.altervista.org/xaraya1DOS.hmtl" + }, + { + "name": "17788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17788" + }, + { + "name": "217", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/217" + }, + { + "name": "20051130 Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418191/100/0/threaded" + }, + { + "name": "15623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15623" + }, + { + "name": "20051130 Re: Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption", + 
"refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418209/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3983.json b/2005/3xxx/CVE-2005-3983.json index c8dd48d71fe..17ed0e81360 100644 --- a/2005/3xxx/CVE-2005-3983.json +++ b/2005/3xxx/CVE-2005-3983.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA01076", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/418280/100/0/threaded" - }, - { - "name" : "SSRT4787", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/418280/100/0/threaded" - }, - { - "name" : "oval:org.mitre.oval:def:1582", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1582" - }, - { - "name" : "hp-sim-ms04025dos(17235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17235" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT4787", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/418280/100/0/threaded" + }, + { + "name": "HPSBMA01076", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/418280/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1582", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1582" + }, + { + "name": "hp-sim-ms04025dos(17235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17235" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4279.json b/2005/4xxx/CVE-2005-4279.json index 894de116345..458bc3eae7c 100644 --- a/2005/4xxx/CVE-2005-4279.json +++ b/2005/4xxx/CVE-2005-4279.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200510-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml" - }, - { - "name" : "15120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15120" - }, - { - "name" : "ADV-2005-2119", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2119" - }, - { - "name" : "20087", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20087" - }, - { - "name" : "17232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2119", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2119" + }, + { + "name": "GLSA-200510-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml" + }, + { + "name": "20087", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20087" + }, + { + "name": "17232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17232" + }, + { + "name": "15120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15120" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4314.json b/2005/4xxx/CVE-2005-4314.json index 23535c4404c..b6459d2cda6 100644 --- a/2005/4xxx/CVE-2005-4314.json +++ b/2005/4xxx/CVE-2005-4314.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/ppcal-shopping-cart-xss.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/ppcal-shopping-cart-xss.html" - }, - { - "name" : "15892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15892" - }, - { - "name" : "ADV-2005-2918", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2918" - }, - { - "name" : "18032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ppcal.cgi 
in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/ppcal-shopping-cart-xss.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/ppcal-shopping-cart-xss.html" + }, + { + "name": "18032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18032" + }, + { + "name": "15892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15892" + }, + { + "name": "ADV-2005-2918", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2918" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4535.json b/2005/4xxx/CVE-2005-4535.json index 89466996685..926fa289f1b 100644 --- a/2005/4xxx/CVE-2005-4535.json +++ b/2005/4xxx/CVE-2005-4535.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4535", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4535", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4773.json b/2005/4xxx/CVE-2005-4773.json index 1dfcb36d2e0..d9570ba959a 100644 --- a/2005/4xxx/CVE-2005-4773.json +++ b/2005/4xxx/CVE-2005-4773.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1817", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1817" - }, - { - "name" : "21584", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1817", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1817" + }, + { + "name": "21584", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21584" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2341.json b/2009/2xxx/CVE-2009-2341.json index 2f2310e4966..ee01b9efdf2 100644 --- a/2009/2xxx/CVE-2009-2341.json +++ b/2009/2xxx/CVE-2009-2341.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9080", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9080" - }, - { - "name" : "35562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35562" - }, - { - "name" : "55561", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55561" - }, - { - "name" : "35677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35562" + }, + { + "name": "9080", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9080" + }, + { + "name": "55561", + "refsource": "OSVDB", + "url": "http://osvdb.org/55561" + }, + { + "name": "35677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35677" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3003.json b/2009/3xxx/CVE-2009-3003.json index e564142ae33..95da8ab4f3b 100644 --- a/2009/3xxx/CVE-2009-3003.json +++ b/2009/3xxx/CVE-2009-3003.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html" - }, - { - "name" : "oval:org.mitre.oval:def:12817", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12817" - }, - { - "name" : "36334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36334" - }, - { - "name" : "ie-windowopen-spoofing(53005)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/53005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-windowopen-spoofing(53005)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53005" + }, + { + "name": "36334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36334" + }, + { + "name": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html" + }, + { + "name": "oval:org.mitre.oval:def:12817", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12817" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3106.json b/2009/3xxx/CVE-2009-3106.json index 00387db1286..37e58bc5273 100644 --- a/2009/3xxx/CVE-2009-3106.json +++ b/2009/3xxx/CVE-2009-3106.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876" - }, - { - "name" : "PK83258", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK83258" - }, - { - "name" : "was-doget-dotrace-security-bypass(53051)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876" + }, + { + "name": "was-doget-dotrace-security-bypass(53051)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53051" + }, + { + "name": "PK83258", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK83258" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3341.json b/2009/3xxx/CVE-2009-3341.json index 7b4c5fbdf19..6707f90eeb7 100644 --- a/2009/3xxx/CVE-2009-3341.json +++ b/2009/3xxx/CVE-2009-3341.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "1022827", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022827" - }, - { - "name" : "36571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer 
overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022827", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022827" + }, + { + "name": "36571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36571" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3515.json b/2009/3xxx/CVE-2009-3515.json index 616eba80003..e3d677b1195 100644 --- a/2009/3xxx/CVE-2009-3515.json +++ b/2009/3xxx/CVE-2009-3515.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9312", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9312", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9312" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3528.json b/2009/3xxx/CVE-2009-3528.json index 8d07bf5ae10..29f557f1985 100644 --- a/2009/3xxx/CVE-2009-3528.json +++ b/2009/3xxx/CVE-2009-3528.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9105", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9105" - }, - { - "name" : "55792", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55792" - }, - { - "name" : "35753", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35753" - }, - { - "name" : "mymsg-profile-sql-injection(51635)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a 
show action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9105", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9105" + }, + { + "name": "35753", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35753" + }, + { + "name": "55792", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55792" + }, + { + "name": "mymsg-profile-sql-injection(51635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51635" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3677.json b/2009/3xxx/CVE-2009-3677.json index 460ffc62bfe..86d84dd644c 100644 --- a/2009/3xxx/CVE-2009-3677.json +++ b/2009/3xxx/CVE-2009-3677.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka \"MS-CHAP Authentication Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-3677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071" - }, - { - "name" : "TA09-342A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-342A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6209", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6209" - }, - { - "name" : "1023291", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1023291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka \"MS-CHAP Authentication Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS09-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071" + }, + { + "name": "TA09-342A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html" + }, + { + "name": "1023291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023291" + }, + { + "name": "oval:org.mitre.oval:def:6209", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6209" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4091.json b/2009/4xxx/CVE-2009-4091.json index 3233224d09f..28610aa1ffa 100644 --- a/2009/4xxx/CVE-2009-4091.json +++ b/2009/4xxx/CVE-2009-4091.json 
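Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and it is the only value that changes; the rest is colon spacing, indentation and the order of the `reference_data` entries. A provenance field that changes inside a full-file reformat is easy to miss in review, and any consumer that groups or trusts records by assigner will pick it up silently. The same happens in CVE-2015-0167.json (`psirt@us.ibm.com`) and CVE-2015-0676.json (`psirt@cisco.com`). The commit message is not visible here; if it does not already call this out, the assigner change belongs in its own commit or at least in the message, with each new value checked against the CNA that owns the record.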
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10180", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10180" - }, - { - "name" : "37063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37063" - }, - { - "name" : "21390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21390" - }, - { - "name" : "simplog-comments-security-bypass(54355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote 
attackers to edit or delete comments via the (1) edit or (2) del action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simplog-comments-security-bypass(54355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54355" + }, + { + "name": "21390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21390" + }, + { + "name": "10180", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10180" + }, + { + "name": "37063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37063" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4424.json b/2009/4xxx/CVE-2009-4424.json index cdca28cb0c9..dcb3d9f1783 100644 --- a/2009/4xxx/CVE-2009-4424.json +++ b/2009/4xxx/CVE-2009-4424.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/wppyrmont-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/wppyrmont-sql.txt" - }, - { - "name" : "10535", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10535" - }, - { - "name" : "37409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37409" - }, - { - "name" : "pyrmontv2-id-sql-injection(54907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in results.php in the Pyrmont plugin 
2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0912-exploits/wppyrmont-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/wppyrmont-sql.txt" + }, + { + "name": "pyrmontv2-id-sql-injection(54907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54907" + }, + { + "name": "10535", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10535" + }, + { + "name": "37409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37409" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4751.json b/2009/4xxx/CVE-2009-4751.json index 7a29711865b..e452548b278 100644 --- a/2009/4xxx/CVE-2009-4751.json +++ b/2009/4xxx/CVE-2009-4751.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/0907-exploits/swingerclub-sqlrfi.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0907-exploits/swingerclub-sqlrfi.txt" - }, - { - "name" : "55794", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55794" - }, - { - "name" : "35724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35724" - }, - { - "name" : "swingerclub-start-sql-injection(51660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in anzeiger/start.php 
in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.packetstormsecurity.org/0907-exploits/swingerclub-sqlrfi.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0907-exploits/swingerclub-sqlrfi.txt" + }, + { + "name": "swingerclub-start-sql-injection(51660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51660" + }, + { + "name": "55794", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55794" + }, + { + "name": "35724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35724" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0167.json b/2015/0xxx/CVE-2015-0167.json index f05d2337904..5f1a1e91be5 100644 --- a/2015/0xxx/CVE-2015-0167.json +++ b/2015/0xxx/CVE-2015-0167.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in textAngular before 1.3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the editor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fraywing/textAngular/releases/tag/v1.3.7", - "refsource" : "CONFIRM", - "url" : "https://github.com/fraywing/textAngular/releases/tag/v1.3.7" - }, - { - "name" : "textangular-cve20150167-xss(100929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in textAngular before 1.3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the editor." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fraywing/textAngular/releases/tag/v1.3.7", + "refsource": "CONFIRM", + "url": "https://github.com/fraywing/textAngular/releases/tag/v1.3.7" + }, + { + "name": "textangular-cve20150167-xss(100929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100929" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0676.json b/2015/0xxx/CVE-2015-0676.json index d90ac18159c..4a173a7c936 100644 --- a/2015/0xxx/CVE-2015-0676.json +++ b/2015/0xxx/CVE-2015-0676.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150408 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa" - }, - { - "name" : "1032045", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032045", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032045" + }, + { + "name": "20150408 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0866.json b/2015/0xxx/CVE-2015-0866.json index 315a1e0db5e..54b15add5ae 100644 --- a/2015/0xxx/CVE-2015-0866.json +++ b/2015/0xxx/CVE-2015-0866.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150128 Two XSS Vulnerabilities in SupportCenter Plus", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534564/100/0/threaded" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23247", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23247" - }, - { - "name" : "https://forums.manageengine.com/topic/security-update-for-supportcenter-plus", - "refsource" : "CONFIRM", - "url" : "https://forums.manageengine.com/topic/security-update-for-supportcenter-plus" - }, - { - "name" : "72349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72349" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23247", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23247" + }, + { + "name": "https://forums.manageengine.com/topic/security-update-for-supportcenter-plus", + "refsource": "CONFIRM", + "url": "https://forums.manageengine.com/topic/security-update-for-supportcenter-plus" + }, + { + "name": "72349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72349" + }, + { + "name": "20150128 Two XSS Vulnerabilities in SupportCenter Plus", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534564/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0957.json b/2015/0xxx/CVE-2015-0957.json index 477587be31c..1dbd2f9be5c 100644 --- a/2015/0xxx/CVE-2015-0957.json +++ b/2015/0xxx/CVE-2015-0957.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0957", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0957", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1050.json b/2015/1xxx/CVE-2015-1050.json index 82f9991ab2f..3e86d823e50 100644 --- a/2015/1xxx/CVE-2015-1050.json +++ b/2015/1xxx/CVE-2015-1050.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534459/100/0/threaded" - }, - { - "name" : "20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/43" - }, - { - "name" : "http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html" - }, - { - "name" : "1031551", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id/1031551" - }, - { - "name" : "f5bigip-responsebody-xss(99907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534459/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html" + }, + { + "name": "f5bigip-responsebody-xss(99907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99907" + }, + { + "name": "20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/43" + }, + { + "name": "1031551", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031551" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1265.json b/2015/1xxx/CVE-2015-1265.json index ffe0e473959..6de2450486b 100644 --- a/2015/1xxx/CVE-2015-1265.json +++ b/2015/1xxx/CVE-2015-1265.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37766", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37766/" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=413534", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=413534" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=445741", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=445741" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=448057", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=448057" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=454157", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=454157" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=458026", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=458026" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=464642", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=464642" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=464792", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=464792" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=465426", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=465426" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=467372", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=467372" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=467644", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=467644" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=474784", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=474784" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=475070", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=475070" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=476107", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=476107" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=484270", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=484270" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=485412", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=485412" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=485419", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=485419" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=489518", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=489518" - }, - { - "name" : "DSA-3267", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3267" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "openSUSE-SU-2015:1877", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" - }, - { - "name" : "openSUSE-SU-2015:0969", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" - }, - { - "name" : "74727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74727" - }, - { - "name" : "1032375", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=445741", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=445741" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=413534", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=413534" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=448057", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=448057" + }, + { + "name": "openSUSE-SU-2015:0969", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=484270", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=484270" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=464792", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=464792" + }, + { + "name": "37766", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37766/" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=485412", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=485412" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=454157", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=454157" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=467644", + "refsource": "CONFIRM", + "url": 
"https://code.google.com/p/chromium/issues/detail?id=467644" + }, + { + "name": "74727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74727" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "openSUSE-SU-2015:1877", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" + }, + { + "name": "1032375", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032375" + }, + { + "name": "DSA-3267", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3267" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=476107", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=476107" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=475070", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=475070" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=465426", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=465426" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=458026", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=458026" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=474784", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=474784" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=464642", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=464642" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=489518", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=489518" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=485419", + "refsource": "CONFIRM", + "url": 
"https://code.google.com/p/chromium/issues/detail?id=485419" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=467372", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=467372" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1306.json b/2015/1xxx/CVE-2015-1306.json index ac8277181bb..22c22a59df2 100644 --- a/2015/1xxx/CVE-2015-1306.json +++ b/2015/1xxx/CVE-2015-1306.json 
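Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `"ASSIGNER": "security@google.com"` inside what otherwise reads as a whitespace-and-ordering rewrite, and nothing visible in the diff calls that out. The same kind of change appears in the CVE-2015-1306 (`security@debian.org`), CVE-2015-1317 (`security@ubuntu.com`), CVE-2015-1864 (`secalert@redhat.com`) and CVE-2015-4536 (`security_alert@emc.com`) hunks. Because `reference_data` is also reordered and every key is re-spaced, a reader cannot confirm from the diff alone that no reference was dropped or altered; I would separate the formatting pass from the field changes, or emit references in a stable sorted order. The new side of each file also ends without a trailing newline (`\ No newline at end of file`), which the old side had.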
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-1306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/20/4" - }, - { - "name" : "https://www.sympa.org/security_advisories", - "refsource" : "CONFIRM", - "url" : "https://www.sympa.org/security_advisories" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0085.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0085.html" - }, - { - "name" : "DSA-3134", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3134" - }, - { - "name" : "MDVSA-2015:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051" 
- }, - { - "name" : "72277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72277" - }, - { - "name" : "62387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62387" - }, - { - "name" : "62442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2015:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051" + }, + { + "name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/20/4" + }, + { + "name": "https://www.sympa.org/security_advisories", + "refsource": "CONFIRM", + "url": "https://www.sympa.org/security_advisories" + }, + { + "name": "62387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62387" + }, + { + "name": "72277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72277" + }, + { + "name": "62442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62442" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0085.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0085.html" + }, + { + "name": "DSA-3134", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3134" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/1xxx/CVE-2015-1317.json b/2015/1xxx/CVE-2015-1317.json index 829a656fce8..3a755fc2a8b 100644 --- a/2015/1xxx/CVE-2015-1317.json +++ b/2015/1xxx/CVE-2015-1317.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/oxide/+bug/1431484", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/oxide/+bug/1431484" - }, - { - "name" : "USN-2556-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2556-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/oxide/+bug/1431484", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/oxide/+bug/1431484" + }, + { + "name": "USN-2556-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2556-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1864.json b/2015/1xxx/CVE-2015-1864.json index 3d120228c31..287840766f3 100644 --- a/2015/1xxx/CVE-2015-1864.json +++ b/2015/1xxx/CVE-2015-1864.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150414 CVE-2015-1864: Multiple HTML and Javascript injections", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/14/12" - }, - { - "name" : "https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55", - "refsource" : "CONFIRM", - "url" : "https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55" - }, - { - "name" : "https://kallithea-scm.org/security/cve-2015-1864.html", - "refsource" : "CONFIRM", - "url" : "https://kallithea-scm.org/security/cve-2015-1864.html" - }, - { - "name" : "74184", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kallithea-scm.org/security/cve-2015-1864.html", + "refsource": "CONFIRM", + "url": "https://kallithea-scm.org/security/cve-2015-1864.html" + }, + { + "name": "74184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74184" + }, + { + "name": "[oss-security] 20150414 CVE-2015-1864: Multiple HTML and Javascript injections", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/14/12" + }, + { + "name": "https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55", + "refsource": "CONFIRM", + "url": "https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4014.json b/2015/4xxx/CVE-2015-4014.json index 835c0b215e7..ece6312a55b 100644 --- a/2015/4xxx/CVE-2015-4014.json +++ b/2015/4xxx/CVE-2015-4014.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4536.json b/2015/4xxx/CVE-2015-4536.json index c1c8e531ce7..a723e4d7230 100644 --- a/2015/4xxx/CVE-2015-4536.json +++ b/2015/4xxx/CVE-2015-4536.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-4536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Aug/86" - }, - { - "name" : "76412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76412" - }, - { - "name" : "1033296", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is 
configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033296", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033296" + }, + { + "name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Aug/86" + }, + { + "name": "76412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76412" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999036.json b/2018/1999xxx/CVE-2018-1999036.json index 0c6ebb305ca..a98f02ec44b 100644 --- a/2018/1999xxx/CVE-2018-1999036.json +++ b/2018/1999xxx/CVE-2018-1999036.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-31T20:04:28.271874", - "DATE_REQUESTED" : "2018-07-30T00:00:00", - "ID" : "CVE-2018-1999036", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins SSH Agent Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.15 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-532" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-31T20:04:28.271874", + "DATE_REQUESTED": "2018-07-30T00:00:00", + "ID": "CVE-2018-1999036", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exposure of sensitive information vulnerability 
exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3082.json b/2018/3xxx/CVE-2018-3082.json index 93df1064d27..f989933c25a 100644 --- a/2018/3xxx/CVE-2018-3082.json +++ b/2018/3xxx/CVE-2018-3082.json 
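Review bot: The new side of this record replaces the structured affected-product data and the weakness class with `n/a`, which loses information the old side carried: `product_name` was `Jenkins SSH Agent Plugin`, `version_value` was `1.15 and earlier`, `vendor_name` was `Jenkins project`, and the problemtype value was `CWE-532`. After the change the product and version survive only in the free-text description, so tooling that matches on `affects` or filters by CWE would presumably stop finding this entry. The `ASSIGNER` also moves from `kurt@seifried.org` to `cve@mitre.org` in the same hunk; if that reassignment is intended, the original values can still be kept, e.g. `"product_name": "Jenkins SSH Agent Plugin"`, `"version_value": "1.15 and earlier"` and `"value": "CWE-532"`, along with the old `vendor_name`.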
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.11 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.11 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" - }, - { - "name" : "104772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104772" - }, - { - "name" : "1041294", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041294", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041294" + }, + { + "name": "104772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104772" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180726-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180726-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3508.json b/2018/3xxx/CVE-2018-3508.json index 4850b4efffa..8097751c145 100644 --- a/2018/3xxx/CVE-2018-3508.json +++ b/2018/3xxx/CVE-2018-3508.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3508",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3508",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3654.json b/2018/3xxx/CVE-2018-3654.json
index 467d490c77f..d4b444b71a2 100644
--- a/2018/3xxx/CVE-2018-3654.json
+++ b/2018/3xxx/CVE-2018-3654.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3654",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3654",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6024.json b/2018/6xxx/CVE-2018-6024.json
index 718ee3cb93a..ed114ba48f5 100644
--- a/2018/6xxx/CVE-2018-6024.json
+++ b/2018/6xxx/CVE-2018-6024.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44124", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44124/" - }, - { - "name" : "http://packetstormsecurity.com/files/146454/Joomla-Project-Log-1.5.3-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146454/Joomla-Project-Log-1.5.3-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44124", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44124/" + }, + { + "name": "http://packetstormsecurity.com/files/146454/Joomla-Project-Log-1.5.3-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146454/Joomla-Project-Log-1.5.3-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6078.json b/2018/6xxx/CVE-2018-6078.json index 915689db619..1b9f970a4ef 100644 --- a/2018/6xxx/CVE-2018-6078.json +++ b/2018/6xxx/CVE-2018-6078.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "65.0.3325.146" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "65.0.3325.146" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/793628", - "refsource" : "MISC", - "url" : "https://crbug.com/793628" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "RHSA-2018:0484", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0484" - }, - { - "name" : "103297", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" + }, + { + "name": "103297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103297" + }, + { + "name": "RHSA-2018:0484", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0484" + }, + { + "name": "https://crbug.com/793628", + "refsource": "MISC", + "url": "https://crbug.com/793628" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6378.json b/2018/6xxx/CVE-2018-6378.json index 071d4a3ce51..9b7832a9426 100644 --- a/2018/6xxx/CVE-2018-6378.json +++ b/2018/6xxx/CVE-2018-6378.json 
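Review bot: `ASSIGNER` changes from `chrome-cve-admin@google.com` to `security@google.com` on the new side of CVE-2018-6078, the only value change in a hunk that is otherwise key spacing and reference reordering. Anything that groups or filters records by the assigner address would presumably see this record move without a visible reason. If the change is intended it would read more clearly as its own commit; if not, keep `"ASSIGNER": "chrome-cve-admin@google.com"`. The five `reference_data` entries are the same set in a different order, so nothing is lost there.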
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html", - "refsource" : "MISC", - "url" : "https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html" - }, - { - "name" : "104268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104268" - }, - { - "name" : "1040966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html", + "refsource": "MISC", + "url": "https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html" + }, + { + "name": "104268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104268" + }, + { + "name": "1040966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040966" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6400.json b/2018/6xxx/CVE-2018-6400.json index 3c65cdbba4d..dda439cc3b7 100644 --- a/2018/6xxx/CVE-2018-6400.json +++ b/2018/6xxx/CVE-2018-6400.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\\\.\\pipe\\WPSCloudSvr\\WpsCloudSvr -- an \"insecurely created named pipe.\" Ensures full access to Everyone users group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180309 WPS Free Office 10.2.0.5978 - NULL DACL grants full access", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Mar/27" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\\\.\\pipe\\WPSCloudSvr\\WpsCloudSvr -- an \"insecurely created named pipe.\" Ensures full access to Everyone users group." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180309 WPS Free Office 10.2.0.5978 - NULL DACL grants full access", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Mar/27" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6406.json b/2018/6xxx/CVE-2018-6406.json index ba8d2743fa4..519170b5f6f 100644 --- a/2018/6xxx/CVE-2018-6406.json +++ b/2018/6xxx/CVE-2018-6406.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/webm/issues/detail?id=1492", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/webm/issues/detail?id=1492" - }, - { - "name" : "https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md", - "refsource" : "MISC", - "url" : "https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/webm/issues/detail?id=1492", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/webm/issues/detail?id=1492" + }, + { + "name": "https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md", + "refsource": "MISC", + "url": "https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7644.json b/2018/7xxx/CVE-2018-7644.json index 2c9d96d1c96..68e4f486cb9 100644 --- a/2018/7xxx/CVE-2018-7644.json +++ b/2018/7xxx/CVE-2018-7644.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://simplesamlphp.org/security/201802-01", - "refsource" : "CONFIRM", - "url" : "https://simplesamlphp.org/security/201802-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would 
pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://simplesamlphp.org/security/201802-01", + "refsource": "CONFIRM", + "url": "https://simplesamlphp.org/security/201802-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7659.json b/2018/7xxx/CVE-2018-7659.json index 667a08e0783..d062bb6d766 100644 --- a/2018/7xxx/CVE-2018-7659.json +++ b/2018/7xxx/CVE-2018-7659.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html", - "refsource" : "MISC", - "url" : "https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html", + "refsource": "MISC", + "url": "https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7711.json b/2018/7xxx/CVE-2018-7711.json index d92248fa8a7..90168cdbe8c 100644 --- a/2018/7xxx/CVE-2018-7711.json +++ b/2018/7xxx/CVE-2018-7711.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180323 [SECURITY] [DLA 1314-1] simplesamlphp security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html" - }, - { - "name" : "https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d", - "refsource" : "CONFIRM", - "url" : "https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d" - }, - { - "name" : "https://simplesamlphp.org/security/201803-01", - "refsource" : "CONFIRM", - "url" : 
"https://simplesamlphp.org/security/201803-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d", + "refsource": "CONFIRM", + "url": "https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d" + }, + { + "name": "[debian-lts-announce] 20180323 [SECURITY] [DLA 1314-1] simplesamlphp security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html" + }, + { + "name": "https://simplesamlphp.org/security/201803-01", + "refsource": "CONFIRM", + "url": "https://simplesamlphp.org/security/201803-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7758.json b/2018/7xxx/CVE-2018-7758.json index 5120c8d21b2..bca986c7e92 100644 --- a/2018/7xxx/CVE-2018-7758.json +++ b/2018/7xxx/CVE-2018-7758.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cybersecurity@se.com",
- "ID" : "CVE-2018-7758",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "MiCOM P540D Range with Legacy Ethernet Board",
- "version" : {
- "version_data" : [
- {
- "version_value" : "MiCOM P540D Range with Legacy Ethernet Board, MiCOM Px4x with Legacy Ethernet Board, MiCOM Px4x Rejuvenated"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Schneider Electric SE"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Denial of Service"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "ID": "CVE-2018-7758",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MiCOM P540D Range with Legacy Ethernet Board",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "MiCOM P540D Range with Legacy Ethernet Board, MiCOM Px4x with Legacy Ethernet Board, MiCOM Px4x Rejuvenated"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Schneider Electric SE"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/",
- "refsource" : "CONFIRM",
- "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/"
- },
- {
- "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/",
- "refsource" : "CONFIRM",
- "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/"
- },
- {
- "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/",
- "refsource" : "CONFIRM",
- "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/",
+ "refsource": "CONFIRM",
+ "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/"
+ },
+ {
+ "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/",
+ "refsource": "CONFIRM",
+ "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/"
+ },
+ {
+ "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/",
+ "refsource": "CONFIRM",
+ "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/"
+ }
+ ]
+ }
+}
\ No newline at end of file
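Review bot: The `ASSIGNER` value changes from `cybersecurity@se.com` to `cybersecurity@schneider-electric.com` in this hunk, which is a data change carried inside what is otherwise a key-spacing and indentation reformat. Tooling that attributes records to a CNA by this address may treat the record as reassigned, so it is worth confirming the new address is intended and, ideally, landing it separately from the formatting pass. The `reference_data` entries are also reordered here and in the CVE-2018-7711 hunk, and both new files end without a final newline (`\ No newline at end of file` after `+}`); keeping the array order stable and restoring the trailing newline would keep later record diffs limited to real content changes.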