diff --git a/2005/0xxx/CVE-2005-0483.json b/2005/0xxx/CVE-2005-0483.json index 9b2e401526b..f8fe1b82791 100644 --- a/2005/0xxx/CVE-2005-0483.json +++ b/2005/0xxx/CVE-2005-0483.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing (\"*\") characters in a SITE NFO command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050218 Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/390924" - }, - { - "name" : "12586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12586" - }, - { - "name" : "glftpd-sitenfosh-directory-traversal(19401)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing (\"*\") characters in a SITE NFO command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050218 Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/390924" + }, + { + "name": "glftpd-sitenfosh-directory-traversal(19401)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19401" + }, + { + "name": "12586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12586" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3095.json b/2005/3xxx/CVE-2005-3095.json index c2f6532afd9..6c3013c1ee4 100644 --- a/2005/3xxx/CVE-2005-3095.json +++ b/2005/3xxx/CVE-2005-3095.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers to execute arbitrary commands via shell metacharacters in the from parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cirt.net/advisories/alkalay.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/alkalay.shtml" - }, - { - "name" : "http://www.alkalay.net/software", - "refsource" : "MISC", - "url" : "http://www.alkalay.net/software" - }, - { - "name" : "14893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14893" - }, - { - "name" : "ADV-2005-1809", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1809" - }, - { - "name" : "19521", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19521" - }, - { - "name" : "16886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16886/" - }, - { - "name" : "notify-from-command-injection(22353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers to execute arbitrary commands via shell metacharacters in the from parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16886/" + }, + { + "name": "http://www.cirt.net/advisories/alkalay.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/alkalay.shtml" + }, + { + "name": "notify-from-command-injection(22353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22353" + }, + { + "name": "19521", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19521" + }, + { + "name": "http://www.alkalay.net/software", + "refsource": "MISC", + "url": "http://www.alkalay.net/software" + }, + { + "name": "14893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14893" + }, + { + "name": "ADV-2005-1809", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1809" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3167.json b/2005/3xxx/CVE-2005-3167.json index 17505152da6..0e2c1fed302 100644 --- a/2005/3xxx/CVE-2005-3167.json +++ b/2005/3xxx/CVE-2005-3167.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=361505", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=361505" - }, - { - "name" : "SUSE-SR:2005:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_27_sr.html" - }, - { - "name" : "15024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15024" - }, - { - "name" : "17074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15024" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=361505", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=361505" + }, + { + "name": "17074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17074" + }, + { + "name": "SUSE-SR:2005:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3174.json b/2005/3xxx/CVE-2005-3174.json index 9edb6cace9d..1d124e3be19 100644 --- a/2005/3xxx/CVE-2005-3174.json +++ b/2005/3xxx/CVE-2005-3174.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "900345", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/900345" - }, - { - "name" : "830847", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/830847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "830847", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/830847" + }, + { + "name": "900345", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/900345" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3519.json b/2005/3xxx/CVE-2005-3519.json index 042a15b1061..cbfddf0ad1d 100644 --- a/2005/3xxx/CVE-2005-3519.json +++ b/2005/3xxx/CVE-2005-3519.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051018 Secunia Research: MySource Cross-Site Scripting and File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112966933202769&w=2" - }, - { - "name" : "15133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15133/discuss" - }, - { - "name" : "ADV-2005-2132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2132" - }, - { - "name" : "20035", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20035" - }, - { - "name" : "20036", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20036" - }, - { - "name" : "20037", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20037" - }, - { - "name" : "20038", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20038" - }, - { - "name" : "20039", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20039" - }, - { - "name" : "20040", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20040" - }, - { - "name" : "20041", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20041" - }, - { - "name" : "20042", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20042" - }, - { - "name" : "20043", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20043" - }, - { - "name" : "1015075", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015075" - }, - { - "name" : "16946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16946/" - }, - { - "name" : "92", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/92" - }, - { - "name" : "mysource-multiple-file-include(22772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/92" + }, + { + "name": "20039", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20039" + }, + { + "name": "20037", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20037" + }, + { + "name": "20051018 Secunia Research: MySource Cross-Site Scripting and File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112966933202769&w=2" + }, + { + "name": "20036", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20036" + }, + { + "name": "mysource-multiple-file-include(22772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22772" + }, + { + "name": "16946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16946/" + }, + { + "name": "20040", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20040" + }, + { + "name": "ADV-2005-2132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2132" + }, + { + "name": "15133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15133/discuss" + }, + { + "name": "1015075", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015075" + }, + { + "name": "20038", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20038" + }, + { + "name": "20041", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20041" + }, + { + "name": "20035", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20035" + }, + { + "name": "20042", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20042" + }, + { + "name": "20043", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20043" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3546.json b/2005/3xxx/CVE-2005-3546.json index 758530a8741..c9bf42466b9 100644 --- a/2005/3xxx/CVE-2005-3546.json +++ b/2005/3xxx/CVE-2005-3546.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-secure.com/security/fsc-2005-3.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/security/fsc-2005-3.shtml" - }, - { - "name" : "15339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15339" - }, - { - "name" : "ADV-2005-2331", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2331" - }, - { - "name" : "20513", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20513" - }, - { - "name" : "20537", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20537" - }, - { - "name" : "20538", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20538" - }, - { - "name" : "20539", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20539" - }, - { - "name" : "20540", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20540" - }, - { - "name" : "20541", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20541" - }, - { - "name" : "20542", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20542" - }, - { - "name" : "20543", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20543" - }, - { - "name" : "20544", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20544" - }, - { - "name" : "20545", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20545" - }, - { - "name" : "20546", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20546" - }, - { - "name" : "20547", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20547" - }, - { - "name" : "20548", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20548" - }, - { - "name" : "20549", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20549" - }, - { - "name" : "20550", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20550" - }, - { - "name" : "20551", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20551" - }, - { - "name" : "20552", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20552" - }, - { - "name" : "1015160", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015160" - }, - { - "name" : "1015159", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015159" - }, - { - "name" : "17467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17467" - }, - { - "name" : "fsecure-scripts-root-privileges(22966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015160", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015160" + }, + { + "name": "20546", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20546" + }, + { + "name": "20543", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20543" + }, + { + "name": "20538", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20538" + }, + { + "name": "20540", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20540" + }, + { + "name": "20549", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20549" + }, + { + "name": "17467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17467" + }, + { + "name": "http://www.f-secure.com/security/fsc-2005-3.shtml", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/security/fsc-2005-3.shtml" + }, + { + "name": "20544", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20544" + }, + { + "name": "20547", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20547" + }, + { + "name": "ADV-2005-2331", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2331" + }, + { + "name": "20550", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20550" + }, + { + "name": "20541", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20541" + }, + { + "name": "20551", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20551" + }, + { + "name": "20537", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20537" + }, + { + "name": "1015159", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015159" + }, + { + "name": "20545", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20545" + }, + { + "name": "20513", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20513" + }, + { + "name": "20552", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20552" + }, + { + "name": "fsecure-scripts-root-privileges(22966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22966" + }, + { + "name": "20539", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20539" + }, + { + "name": "20548", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20548" + }, + { + "name": "15339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15339" + }, + { + "name": "20542", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20542" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3694.json b/2005/3xxx/CVE-2005-3694.json index 8bdbb7006ab..3140e426996 100644 --- a/2005/3xxx/CVE-2005-3694.json +++ b/2005/3xxx/CVE-2005-3694.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "centericq 4.20.0-r3 with \"Enable peer-to-peer communications\" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=100519", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=100519" - }, - { - "name" : "DSA-912", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-912" - }, - { - "name" : "GLSA-200512-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200512-11.xml" - }, - { - "name" : "15649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15649" - }, - { - "name" : "21270", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21270" - }, - { - "name" : "17798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17798" - }, - { - "name" : "17818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17818" - }, - { - "name" : "18081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18081" - }, - { - "name" : "centericq-zero-length-dos(23327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "centericq 4.20.0-r3 with \"Enable peer-to-peer communications\" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "centericq-zero-length-dos(23327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23327" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=100519", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=100519" + }, + { + "name": "GLSA-200512-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200512-11.xml" + }, + { + "name": "21270", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21270" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089" + }, + { + "name": "15649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15649" + }, + { + "name": "DSA-912", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-912" + }, + { + "name": "17798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17798" + }, + { + "name": "17818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17818" + }, + { + "name": "18081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18081" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3822.json b/2005/3xxx/CVE-2005-3822.json index d3ed1531645..c5da8db318d 100644 --- a/2005/3xxx/CVE-2005-3822.json +++ b/2005/3xxx/CVE-2005-3822.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM ", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113290708121951&w=2" - }, - { - "name" : "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM ", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417711/30/0/threaded" - }, - { - "name" : "15569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15569" - }, - { - "name" : "ADV-2005-2569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2569" - }, - { - "name" : "1015274", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015274" - }, - { - "name" : "17693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17693" - }, - { - "name" : "203", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM", + "url": "http://www.securityfocus.com/archive/1/417711/30/0/threaded" + }, + { + "name": "15569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15569" + }, + { + "name": "ADV-2005-2569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2569" + }, + { + "name": "203", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/203" + }, + { + "name": "1015274", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015274" + }, + { + "refsource": "FULLDISC", + "name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM", + "url": "http://marc.info/?l=full-disclosure&m=113290708121951&w=2" + }, + { + "name": "17693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17693" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3957.json b/2005/3xxx/CVE-2005-3957.json index ccdd35031ef..493860e3097 100644 --- a/2005/3xxx/CVE-2005-3957.json +++ b/2005/3xxx/CVE-2005-3957.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dotclear.net/forum/viewtopic.php?id=12895", - "refsource" : "CONFIRM", - "url" : "http://www.dotclear.net/forum/viewtopic.php?id=12895" - }, - { - "name" : "15624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15624" - }, - { - "name" : "17769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15624" + }, + { + "name": "http://www.dotclear.net/forum/viewtopic.php?id=12895", + "refsource": "CONFIRM", + "url": "http://www.dotclear.net/forum/viewtopic.php?id=12895" + }, + { + "name": "17769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17769" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4243.json b/2005/4xxx/CVE-2005-4243.json index 889c162a81f..de2ebf2a542 100644 --- a/2005/4xxx/CVE-2005-4243.json +++ b/2005/4xxx/CVE-2005-4243.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html" - }, - { - "name" : "15863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15863" - }, - { - "name" : "ADV-2005-2875", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2875" - }, - { - "name" : "21680", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21680" - }, - { - "name" : "21678", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21678" - }, - { - "name" : "21681", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21681" - }, - { - "name" : "21676", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21676" - }, - { - "name" : "21679", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21679" - }, - { - "name" : "21677", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21677" - }, - { - "name" : "17981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html" + }, + { + "name": "ADV-2005-2875", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2875" + }, + { + "name": "21676", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21676" + }, + { + "name": "21681", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21681" + }, + { + "name": "17981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17981" + }, + { + "name": "21679", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21679" + }, + { + "name": "15863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15863" + }, + { + "name": "21677", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21677" + }, + { + "name": "21680", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21680" + }, + { + "name": "21678", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21678" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4410.json b/2005/4xxx/CVE-2005-4410.json index 619d4af7d84..b51bb86ea69 100644 --- a/2005/4xxx/CVE-2005-4410.json +++ b/2005/4xxx/CVE-2005-4410.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/nqcontent-v3-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/nqcontent-v3-xss-vuln.html" - }, - { - "name" : "15989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15989" - }, - { - "name" : "21829", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21829" - }, - { - "name" : "17994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21829", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21829" + }, + { + "name": "15989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15989" + }, + { + "name": "17994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17994" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/nqcontent-v3-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/nqcontent-v3-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4418.json b/2005/4xxx/CVE-2005-4418.json index 7d2d3181054..5deb24afda5 100644 --- a/2005/4xxx/CVE-2005-4418.json +++ b/2005/4xxx/CVE-2005-4418.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1011", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1011" - }, - { - "name" : "17180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17180" - }, - { - "name" : "19333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19333" - }, - { - "name" : "19339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19339" - }, - { - "name" : "debian-utilvserver-policy-bypass-security(25407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19333" + }, + { + "name": "DSA-1011", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1011" + }, + { + "name": "debian-utilvserver-policy-bypass-security(25407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25407" + }, + { + "name": "17180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17180" + }, + { + "name": "19339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19339" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0517.json b/2009/0xxx/CVE-2009-0517.json index 5eab6386cd1..74e0e404106 100644 --- a/2009/0xxx/CVE-2009-0517.json +++ b/2009/0xxx/CVE-2009-0517.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090201 phpslash <= 0.8.1.1 Remote Code Execution Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500664/100/0/threaded" - }, - { - "name" : "7948", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7948" - }, - { - "name" : "33572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33572" - }, - { - "name" : "51727", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51727" - }, - { - "name" : "33717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33717" - }, - { - "name" : "phpslash-generic-code-execution(48441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33717" + }, + { + "name": "33572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33572" + }, + { + "name": "phpslash-generic-code-execution(48441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48441" + }, + { + "name": "7948", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7948" + }, + { + "name": "51727", + "refsource": "OSVDB", + "url": "http://osvdb.org/51727" + }, + { + "name": "20090201 phpslash <= 0.8.1.1 Remote Code Execution Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500664/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0758.json b/2009/0xxx/CVE-2009-0758.json index 24faf46e639..785a061ade9 100644 --- a/2009/0xxx/CVE-2009-0758.json +++ b/2009/0xxx/CVE-2009-0758.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090302 CVE id request: avahi", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/02/1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683" - }, - { - "name" : "DSA-2086", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2086" - }, - { - "name" : "MDVSA-2009:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:076" - }, - { - "name" : "SUSE-SR:2010:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html" - }, - { - "name" : "33946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33946" - }, - { - "name" : "38420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090302 CVE id request: avahi", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/02/1" + }, + { + "name": "MDVSA-2009:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:076" + }, + { + "name": "DSA-2086", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2086" + }, + { + "name": "SUSE-SR:2010:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683" + }, + { + "name": "33946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33946" + }, + { + "name": "38420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38420" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2038.json b/2009/2xxx/CVE-2009-2038.json index c8ebf560bae..be24d627dfb 100644 --- a/2009/2xxx/CVE-2009-2038.json +++ b/2009/2xxx/CVE-2009-2038.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html", - "refsource" : "MISC", - "url" : "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html" - }, - { - "name" : "http://addons.oscommerce.com/info/5485", - "refsource" : "CONFIRM", - "url" : "http://addons.oscommerce.com/info/5485" - }, - { - "name" : "35385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35385" - }, - { - "name" : "finnishbank-unspecified-security-bypass(51007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "finnishbank-unspecified-security-bypass(51007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51007" + }, + { + "name": "35385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35385" + }, + { + "name": "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html", + "refsource": "MISC", + "url": "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html" + }, + { + "name": "http://addons.oscommerce.com/info/5485", + "refsource": "CONFIRM", + "url": "http://addons.oscommerce.com/info/5485" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3511.json b/2009/3xxx/CVE-2009-3511.json index ae6bb668d0a..a1c41e1b810 100644 --- a/2009/3xxx/CVE-2009-3511.json +++ b/2009/3xxx/CVE-2009-3511.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9308", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9308", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9308" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3718.json b/2009/3xxx/CVE-2009-3718.json index cdb9fd9b477..0ae7070678a 100644 --- a/2009/3xxx/CVE-2009-3718.json +++ b/2009/3xxx/CVE-2009-3718.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9183", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9183" - }, - { - "name" : "http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.html", - "refsource" : "MISC", - "url" : "http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.html" - }, - { - "name" : "35726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35726" - }, - { - "name" : "55991", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55991" - }, - { - "name" : "35864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9183", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9183" + }, + { + "name": "http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.html", + "refsource": "MISC", + "url": "http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.html" + }, + { + "name": "35726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35726" + }, + { + "name": "55991", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55991" + }, + { + "name": "35864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35864" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3725.json b/2009/3xxx/CVE-2009-3725.json index efd4bfe9a25..0cfe18b8452 100644 --- a/2009/3xxx/CVE-2009-3725.json +++ b/2009/3xxx/CVE-2009-3725.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20091002 Re: [PATCH 0/8] SECURITY ISSUE with connector", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=125449888416314&w=2" - }, - { - "name" : "[oss-security] 20091102 CVE request: kernel: connector security bypass", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125715484511380&w=2" - }, - { - "name" : "[oss-security] 20091102 Re: CVE request: kernel: connector security bypass", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125716192622235&w=2" - }, - { - "name" : "http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/", - "refsource" : "MISC", - "url" : "http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/" - }, - { - "name" : "http://patchwork.kernel.org/patch/51382/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.kernel.org/patch/51382/" - }, - { - "name" : "http://patchwork.kernel.org/patch/51383/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.kernel.org/patch/51383/" - }, - { - "name" : "http://patchwork.kernel.org/patch/51384/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.kernel.org/patch/51384/" - }, - { - "name" : "http://patchwork.kernel.org/patch/51387/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.kernel.org/patch/51387/" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5" - }, - { - "name" : "USN-864-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-864-1" - }, - { - "name" : "36834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36834" - }, - { - "name" : "37113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37113" - }, - { - "name" : "38905", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5" + }, + { + "name": "38905", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38905" + }, + { + "name": "[linux-kernel] 20091002 Re: [PATCH 0/8] SECURITY ISSUE with connector", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=125449888416314&w=2" + }, + { + "name": "USN-864-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-864-1" + }, + { + "name": "http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/", + "refsource": "MISC", + "url": "http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/" + }, + { + "name": "http://patchwork.kernel.org/patch/51383/", + "refsource": "CONFIRM", + "url": "http://patchwork.kernel.org/patch/51383/" + }, + { + "name": "37113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37113" + }, + { + "name": "http://patchwork.kernel.org/patch/51387/", + "refsource": "CONFIRM", + "url": "http://patchwork.kernel.org/patch/51387/" + }, + { + "name": "http://patchwork.kernel.org/patch/51382/", + "refsource": "CONFIRM", + "url": "http://patchwork.kernel.org/patch/51382/" + }, + { + "name": "[oss-security] 20091102 Re: CVE request: kernel: connector security bypass", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125716192622235&w=2" + }, + { + "name": "[oss-security] 20091102 CVE request: kernel: connector security bypass", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125715484511380&w=2" + }, + { + "name": "http://patchwork.kernel.org/patch/51384/", + "refsource": "CONFIRM", + "url": "http://patchwork.kernel.org/patch/51384/" + }, + { + "name": "36834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36834" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3737.json b/2009/3xxx/CVE-2009-3737.json index e8da8ae038c..2b7d1f0b13c 100644 --- a/2009/3xxx/CVE-2009-3737.json +++ b/2009/3xxx/CVE-2009-3737.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-3737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#174089", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/174089" - }, - { - "name" : "66926", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66926" - }, - { - "name" : "40804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40804" - }, - { - "name" : "ADV-2010-2028", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2028", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2028" + }, + { + "name": "66926", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66926" + }, + { + "name": "40804", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40804" + }, + { + "name": "VU#174089", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/174089" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4063.json b/2009/4xxx/CVE-2009-4063.json index 15190bd1a98..f240086efd9 100644 --- a/2009/4xxx/CVE-2009-4063.json +++ b/2009/4xxx/CVE-2009-4063.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/630004", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/630004" - }, - { - "name" : "http://drupal.org/node/636562", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/636562" - }, - { - "name" : "37056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37056" - }, - { - "name" : "60287", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60287" - }, - { - "name" : "37438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37438" - }, - { - "name" : "suborganic-title-xss(54341)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/630004", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/630004" + }, + { + "name": "60287", + "refsource": "OSVDB", + "url": "http://osvdb.org/60287" + }, + { + "name": "http://drupal.org/node/636562", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/636562" + }, + { + "name": "37438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37438" + }, + { + "name": "suborganic-title-xss(54341)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54341" + }, + { + "name": "37056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37056" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2464.json b/2012/2xxx/CVE-2012-2464.json index c65e246f3df..d0df1ce2ec8 100644 --- a/2012/2xxx/CVE-2012-2464.json +++ b/2012/2xxx/CVE-2012-2464.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2464", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2464", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2605.json b/2012/2xxx/CVE-2012-2605.json index 7b16954d489..aebe1f07b30 100644 --- a/2012/2xxx/CVE-2012-2605.json +++ b/2012/2xxx/CVE-2012-2605.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8TJKAF", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8TJKAF" - }, - { - "name" : "https://na3.salesforce.com/sfc/#version?selectedDocumentId=06950000000IySO", - "refsource" : "CONFIRM", - "url" : "https://na3.salesforce.com/sfc/#version?selectedDocumentId=06950000000IySO" - }, - { - "name" : "VU#709939", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/709939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8TJKAF", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8TJKAF" + }, + { + "name": "VU#709939", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/709939" + }, + { + "name": "https://na3.salesforce.com/sfc/#version?selectedDocumentId=06950000000IySO", + "refsource": "CONFIRM", + "url": "https://na3.salesforce.com/sfc/#version?selectedDocumentId=06950000000IySO" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2785.json b/2012/2xxx/CVE-2012-2785.json index 0268046487a..3d06ac5bcda 100644 --- a/2012/2xxx/CVE-2012-2785.json +++ b/2012/2xxx/CVE-2012-2785.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) \"some subframes only encode some channels\" or (2) a large order value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=326f7a68bbd429c63fd2f19f4050658982b5b081", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=326f7a68bbd429c63fd2f19f4050658982b5b081" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d462949974668ffb013467d12dc4934b9106fe19", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d462949974668ffb013467d12dc4934b9106fe19" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) \"some subframes only encode some channels\" or (2) a large order value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=326f7a68bbd429c63fd2f19f4050658982b5b081", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=326f7a68bbd429c63fd2f19f4050658982b5b081" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d462949974668ffb013467d12dc4934b9106fe19", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d462949974668ffb013467d12dc4934b9106fe19" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0123.json b/2015/0xxx/CVE-2015-0123.json index a7a000b8cd8..00952e04738 100644 --- a/2015/0xxx/CVE-2015-0123.json +++ b/2015/0xxx/CVE-2015-0123.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0122." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698253", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698253" - }, - { - "name" : "73101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73101" - }, - { - "name" : "1031884", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0122." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698253", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698253" + }, + { + "name": "1031884", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031884" + }, + { + "name": "73101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73101" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0456.json b/2015/0xxx/CVE-2015-0456.json index 1078c0afdb0..0bbf9ee394f 100644 --- a/2015/0xxx/CVE-2015-0456.json +++ b/2015/0xxx/CVE-2015-0456.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Portlet Services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "1032131", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Portlet Services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032131", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032131" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0618.json b/2015/0xxx/CVE-2015-0618.json index 7c702e88393..66fd075d749 100644 --- a/2015/0xxx/CVE-2015-0618.json +++ b/2015/0xxx/CVE-2015-0618.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150220 Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6" - }, - { - "name" : "72713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72713" - }, - { - "name" : "1031778", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72713" + }, + { + "name": "1031778", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031778" + }, + { + "name": "20150220 Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0650.json b/2015/0xxx/CVE-2015-0650.json index d4a47b8873e..732cfaaad75 100644 --- a/2015/0xxx/CVE-2015-0650.json +++ b/2015/0xxx/CVE-2015-0650.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150325 Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns" - }, - { - "name" : "1031979", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150325 Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns" + }, + { + "name": "1031979", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031979" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0651.json b/2015/0xxx/CVE-2015-0651.json index a38515a5817..b4abbac90a6 100644 --- a/2015/0xxx/CVE-2015-0651.json +++ b/2015/0xxx/CVE-2015-0651.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150226 Cisco ACE 4710 Application Control Engine and Application Neworking Manager Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651" - }, - { - "name" : "72796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72796" - }, - { - "name" : "1031815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150226 Cisco ACE 4710 Application Control Engine and Application Neworking Manager Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651" + }, + { + "name": "1031815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031815" + }, + { + "name": "72796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72796" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1592.json b/2015/1xxx/CVE-2015-1592.json index 05e1b4d7281..67b4ccd733d 100644 --- a/2015/1xxx/CVE-2015-1592.json +++ b/2015/1xxx/CVE-2015-1592.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150212 CVE request: MovableType before 5.2.12", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/12/2" - }, - { - "name" : "[oss-security] 20150212 Re: CVE request: MovableType before 5.2.12 - Movable Type", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/12/17" - }, - { - "name" : "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html", - "refsource" : "CONFIRM", - "url" : "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html" - }, - { - "name" : "DSA-3183", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2015/dsa-3183" - }, - { - "name" : "72606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72606" - }, - { - "name" : "1031777", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031777" - }, - { - "name" : "movable-type-cve20151592-file-include(100912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3183", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2015/dsa-3183" + }, + { + "name": "1031777", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031777" + }, + { + "name": "[oss-security] 20150212 CVE request: MovableType before 5.2.12", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/12/2" + }, + { + "name": "movable-type-cve20151592-file-include(100912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100912" + }, + { + "name": "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html", + "refsource": "CONFIRM", + "url": "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html" + }, + { + "name": "72606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72606" + }, + { + "name": "[oss-security] 20150212 Re: CVE request: MovableType before 5.2.12 - Movable Type", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/12/17" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1753.json b/2015/1xxx/CVE-2015-1753.json index df366f69c97..586cfa97e82 100644 --- a/2015/1xxx/CVE-2015-1753.json +++ b/2015/1xxx/CVE-2015-1753.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1750." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" - }, - { - "name" : "74990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74990" - }, - { - "name" : "1032521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" + }, + { + "name": "1032521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032521" + }, + { + "name": "74990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74990" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1804.json b/2015/1xxx/CVE-2015-1804.json index bb976bbda82..f5298b7a1f1 100644 --- a/2015/1xxx/CVE-2015-1804.json +++ b/2015/1xxx/CVE-2015-1804.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/", - "refsource" : "MISC", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0113.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0113.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3194", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3194" - }, - { - "name" : "FEDORA-2015-4230", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html" - }, - { - "name" : "FEDORA-2015-4199", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html" - }, - { - "name" : "GLSA-201507-21", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-21" - }, - { - "name" : "MDVSA-2015:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145" - }, - { - "name" : "RHSA-2015:1708", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1708.html" - }, - { - "name" : "openSUSE-SU-2015:0614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html" - }, - { - "name" : "SUSE-SU-2015:0674", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html" - }, - { - "name" : "SUSE-SU-2015:0702", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html" - }, - { - "name" : "openSUSE-SU-2015:2300", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html" - }, - { - "name" : "USN-2536-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2536-1" - }, - { - "name" : "73279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73279" - }, - { - "name" : "1031935", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "GLSA-201507-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-21" + }, + { + "name": "SUSE-SU-2015:0674", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html" + }, + { + "name": "openSUSE-SU-2015:2300", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html" + }, + { + "name": "USN-2536-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2536-1" + }, + { + "name": "FEDORA-2015-4230", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html" + }, + { + "name": "RHSA-2015:1708", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html" + }, + { + "name": "openSUSE-SU-2015:0614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html" + }, + { + "name": "1031935", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031935" + }, + { + "name": "FEDORA-2015-4199", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "DSA-3194", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3194" + }, + { + "name": "MDVSA-2015:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/", + "refsource": "MISC", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0113.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0113.html" + }, + { + "name": "73279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73279" + }, + { + "name": "SUSE-SU-2015:0702", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5456.json b/2015/5xxx/CVE-2015-5456.json index 3321ed5cce4..f7f26bca4e5 100644 --- a/2015/5xxx/CVE-2015-5456.json +++ b/2015/5xxx/CVE-2015-5456.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the \"PHP_SELF\" variable and form actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535860/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html" - }, - { - "name" : "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/", - "refsource" : "MISC", - "url" : "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/" - }, - { - "name" : "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released", - "refsource" : "CONFIRM", - "url" : "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released" - }, - { - "name" : "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456" - }, - { - "name" : "75577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the \"PHP_SELF\" variable and form actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/pivot-weblog/code/4457/tree//branches/2.3.x/pivotx/modules/formclass.php?diff=51a4cb5e34309d75c0d1612a:4456" + }, + { + "name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/", + "refsource": "MISC", + "url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/" + }, + { + "name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html" + }, + { + "name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released", + "refsource": "CONFIRM", + "url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released" + }, + { + "name": "75577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75577" + }, + { + "name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5701.json b/2015/5xxx/CVE-2015-5701.json index cb9a5681a49..5d0d5edbbb7 100644 --- a/2015/5xxx/CVE-2015-5701.json +++ b/2015/5xxx/CVE-2015-5701.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/30/6" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181167", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181167" - }, - { - "name" : "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885", - "refsource" : "CONFIRM", - "url" : "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885" - }, - { - "name" : "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log", - "refsource" : "CONFIRM", - "url" : "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/30/6" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139" + }, + { + "name": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log", + "refsource": "CONFIRM", + "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log" + }, + { + "name": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885", + "refsource": "CONFIRM", + "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5915.json b/2015/5xxx/CVE-2015-5915.json index 0b8e91c6a3c..5fcd2c4a38a 100644 --- a/2015/5xxx/CVE-2015-5915.json +++ b/2015/5xxx/CVE-2015-5915.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76908" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "76908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76908" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5950.json b/2015/5xxx/CVE-2015-5950.json index a628a1a54a2..c1832b536ec 100644 --- a/2015/5xxx/CVE-2015-5950.json +++ b/2015/5xxx/CVE-2015-5950.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/3763/~/cve-2015-5950-memory-corruption-due-to-an-unsanitized-pointer-in-the-nvidia", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/3763/~/cve-2015-5950-memory-corruption-due-to-an-unsanitized-pointer-in-the-nvidia" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04815468", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04815468" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/len_3313", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/len_3313" - }, - { - "name" : "HPSBHF03513", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04815468" - }, - { - "name" : "USN-2747-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2747-1" - }, - { - "name" : "1033662", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/len_3313", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/len_3313" + }, + { + "name": "HPSBHF03513", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04815468" + }, + { + "name": "USN-2747-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2747-1" + }, + { + "name": "1033662", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033662" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04815468", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04815468" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/3763/~/cve-2015-5950-memory-corruption-due-to-an-unsanitized-pointer-in-the-nvidia", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/3763/~/cve-2015-5950-memory-corruption-due-to-an-unsanitized-pointer-in-the-nvidia" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3396.json b/2018/3xxx/CVE-2018-3396.json index e84d25ad2d9..89933334893 100644 --- a/2018/3xxx/CVE-2018-3396.json +++ b/2018/3xxx/CVE-2018-3396.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3396", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3396", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3527.json b/2018/3xxx/CVE-2018-3527.json index 838d797cdd7..d400b98a592 100644 --- a/2018/3xxx/CVE-2018-3527.json +++ b/2018/3xxx/CVE-2018-3527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3543.json b/2018/3xxx/CVE-2018-3543.json index 26f926dc34c..b4dbeb421db 100644 --- a/2018/3xxx/CVE-2018-3543.json +++ b/2018/3xxx/CVE-2018-3543.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3543", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3543", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3786.json b/2018/3xxx/CVE-2018-3786.json index 91c53bcf01d..cb4efd9809a 100644 --- a/2018/3xxx/CVE-2018-3786.json +++ b/2018/3xxx/CVE-2018-3786.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-08-19T00:00:00", - "ID" : "CVE-2018-3786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "egg-scripts", - "version" : { - "version_data" : [ - { - "version_value" : "2.8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Egg" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A command injection vulnerability in egg-scripts