From 313bc09742bac1170ff9b12227caa656b9c922a3 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 00:15:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1595.json | 34 ++-- 2000/1xxx/CVE-2000-1116.json | 130 ++++++------- 2005/2xxx/CVE-2005-2726.json | 160 ++++++++-------- 2005/2xxx/CVE-2005-2850.json | 140 +++++++------- 2005/2xxx/CVE-2005-2968.json | 340 ++++++++++++++++----------------- 2005/3xxx/CVE-2005-3346.json | 200 ++++++++++---------- 2005/3xxx/CVE-2005-3368.json | 160 ++++++++-------- 2005/3xxx/CVE-2005-3495.json | 150 +++++++-------- 2005/3xxx/CVE-2005-3699.json | 120 ++++++------ 2005/3xxx/CVE-2005-3943.json | 160 ++++++++-------- 2005/4xxx/CVE-2005-4118.json | 34 ++-- 2005/4xxx/CVE-2005-4601.json | 350 +++++++++++++++++----------------- 2005/4xxx/CVE-2005-4853.json | 130 ++++++------- 2005/4xxx/CVE-2005-4879.json | 160 ++++++++-------- 2009/2xxx/CVE-2009-2992.json | 170 ++++++++--------- 2009/3xxx/CVE-2009-3239.json | 34 ++-- 2009/3xxx/CVE-2009-3335.json | 130 ++++++------- 2009/3xxx/CVE-2009-3343.json | 130 ++++++------- 2009/3xxx/CVE-2009-3516.json | 210 ++++++++++----------- 2009/3xxx/CVE-2009-3654.json | 170 ++++++++--------- 2009/3xxx/CVE-2009-3903.json | 150 +++++++-------- 2009/4xxx/CVE-2009-4182.json | 140 +++++++------- 2009/4xxx/CVE-2009-4707.json | 120 ++++++------ 2009/4xxx/CVE-2009-4852.json | 130 ++++++------- 2009/4xxx/CVE-2009-4998.json | 140 +++++++------- 2015/0xxx/CVE-2015-0158.json | 160 ++++++++-------- 2015/0xxx/CVE-2015-0188.json | 34 ++-- 2015/0xxx/CVE-2015-0392.json | 150 +++++++-------- 2015/1xxx/CVE-2015-1009.json | 140 +++++++------- 2015/1xxx/CVE-2015-1078.json | 200 ++++++++++---------- 2015/1xxx/CVE-2015-1481.json | 160 ++++++++-------- 2015/1xxx/CVE-2015-1554.json | 130 ++++++------- 2015/1xxx/CVE-2015-1816.json | 160 ++++++++-------- 2015/1xxx/CVE-2015-1934.json | 120 ++++++------ 2015/4xxx/CVE-2015-4395.json | 150 +++++++-------- 2015/4xxx/CVE-2015-4440.json | 34 ++-- 2015/4xxx/CVE-2015-4492.json | 290 ++++++++++++++-------------- 
2015/5xxx/CVE-2015-5105.json | 130 ++++++------- 2015/5xxx/CVE-2015-5562.json | 200 ++++++++++---------- 2018/2xxx/CVE-2018-2011.json | 34 ++-- 2018/2xxx/CVE-2018-2246.json | 34 ++-- 2018/2xxx/CVE-2018-2579.json | 356 +++++++++++++++++------------------ 2018/3xxx/CVE-2018-3184.json | 142 +++++++------- 2018/3xxx/CVE-2018-3344.json | 34 ++-- 2018/3xxx/CVE-2018-3602.json | 130 ++++++------- 2018/3xxx/CVE-2018-3888.json | 122 ++++++------ 2018/3xxx/CVE-2018-3896.json | 122 ++++++------ 2018/6xxx/CVE-2018-6389.json | 190 +++++++++---------- 2018/6xxx/CVE-2018-6531.json | 34 ++-- 2018/6xxx/CVE-2018-6574.json | 180 +++++++++--------- 2018/6xxx/CVE-2018-6795.json | 120 ++++++------ 2018/6xxx/CVE-2018-6810.json | 130 ++++++------- 2018/6xxx/CVE-2018-6952.json | 130 ++++++------- 2018/7xxx/CVE-2018-7888.json | 34 ++-- 2018/7xxx/CVE-2018-7976.json | 126 ++++++------- 2018/7xxx/CVE-2018-7984.json | 34 ++-- 56 files changed, 3901 insertions(+), 3901 deletions(-) diff --git a/1999/1xxx/CVE-1999-1595.json b/1999/1xxx/CVE-1999-1595.json index f4664274f3e..437443c20eb 100644 --- a/1999/1xxx/CVE-1999-1595.json +++ b/1999/1xxx/CVE-1999-1595.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-1999-1595",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-1999-1595",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2000/1xxx/CVE-2000-1116.json b/2000/1xxx/CVE-2000-1116.json
index cbb114125d1..a213b26d046 100644
--- a/2000/1xxx/CVE-2000-1116.json
+++ b/2000/1xxx/CVE-2000-1116.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001018 TransSoft's Broker FTP Server 3.x & 4.x Remote DoS attack Vulnerability", - "refsource" : "WIN2KSEC", - "url" : "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0041.html" - }, - { - "name" : "broker-ftp-username-dos(5388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "broker-ftp-username-dos(5388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5388" + }, + { + "name": "20001018 TransSoft's Broker FTP Server 3.x & 4.x Remote DoS attack Vulnerability", + "refsource": "WIN2KSEC", + "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0041.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2726.json b/2005/2xxx/CVE-2005-2726.json index 8fb23817e64..ee4537789fb 100644 --- a/2005/2xxx/CVE-2005-2726.json +++ b/2005/2xxx/CVE-2005-2726.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via \"C:\\\" (Windows drive letter) sequences in commands such as (1) LIST or (2) RETR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050824 Multiple Vulnerabilities in Home Ftp Server 1.0.7", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112490496918102&w=2" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/HomeFtpServer1.0.7-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/HomeFtpServer1.0.7-adv.txt" - }, - { - "name" : "14653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14653" - }, - { - "name" : "16556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16556/" - }, - { - "name" : "homeftpserver-directory-traversal(22003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22003" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via \"C:\\\" (Windows drive letter) sequences in commands such as (1) LIST or (2) RETR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "homeftpserver-directory-traversal(22003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22003" + }, + { + "name": "20050824 Multiple Vulnerabilities in Home Ftp Server 1.0.7", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112490496918102&w=2" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/HomeFtpServer1.0.7-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/HomeFtpServer1.0.7-adv.txt" + }, + { + "name": "16556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16556/" + }, + { + "name": "14653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14653" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2850.json b/2005/2xxx/CVE-2005-2850.json index bdb7a2335ca..f9ce6780beb 100644 --- a/2005/2xxx/CVE-2005-2850.json +++ b/2005/2xxx/CVE-2005-2850.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.critical.lt/?vulnerabilities/8", - "refsource" : "MISC", - "url" : "http://www.critical.lt/?vulnerabilities/8" - }, - { - "name" : "http://www.critical.lt/research/slimftpd_dos2.c", - "refsource" : "MISC", - "url" : "http://www.critical.lt/research/slimftpd_dos2.c" - }, - { - "name" : "1014831", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.critical.lt/?vulnerabilities/8", + "refsource": "MISC", + "url": "http://www.critical.lt/?vulnerabilities/8" + }, + { + "name": "http://www.critical.lt/research/slimftpd_dos2.c", + "refsource": "MISC", + "url": "http://www.critical.lt/research/slimftpd_dos2.c" + }, + { + "name": "1014831", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014831" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2968.json b/2005/2xxx/CVE-2005-2968.json index d41b0996256..021c9470241 100644 --- a/2005/2xxx/CVE-2005-2968.json +++ b/2005/2xxx/CVE-2005-2968.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-58.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-58.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=307185", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=307185" - }, - { - "name" : "DSA-868", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-868" - }, - { - "name" : "DSA-866", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-866" - }, - { - "name" : "MDKSA-2005:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174" - }, - { - "name" : 
"RHSA-2005:785", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-785.html" - }, - { - "name" : "RHSA-2005:791", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-791.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "USN-186-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-186-1" - }, - { - "name" : "USN-186-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-186-2" - }, - { - "name" : "USN-200-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-200-1" - }, - { - "name" : "VU#914681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/914681" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "14888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14888" - }, - { - "name" : "oval:org.mitre.oval:def:11105", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105" - }, - { - "name" : "ADV-2005-1794", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1794" - }, - { - "name" : "ADV-2005-1824", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1824" - }, - { - "name" : "16869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16869" - }, - { - "name" : "17042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17042" - }, - { - "name" : "17090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17090" - }, - { - "name" : "17149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17149" - }, - { - "name" : "17284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17284" - }, - { - "name" : 
"17263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-868", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-868" + }, + { + "name": "ADV-2005-1824", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1824" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "14888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14888" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=307185", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=307185" + }, + { + "name": "USN-186-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-186-2" + }, + { + "name": "16869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16869" + }, + { + "name": "RHSA-2005:791", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-791.html" + }, + { + "name": "USN-200-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-200-1" + }, + { + "name": "17042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17042" + }, + { + "name": "DSA-866", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2005/dsa-866" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-58.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-58.html" + }, + { + "name": "17284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17284" + }, + { + "name": "17149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17149" + }, + { + "name": "17263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17263" + }, + { + "name": "oval:org.mitre.oval:def:11105", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105" + }, + { + "name": "VU#914681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/914681" + }, + { + "name": "RHSA-2005:785", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-785.html" + }, + { + "name": "USN-186-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-186-1" + }, + { + "name": "MDKSA-2005:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174" + }, + { + "name": "17090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17090" + }, + { + "name": "ADV-2005-1794", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1794" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3346.json b/2005/3xxx/CVE-2005-3346.json index cbc2d23bde3..0c698763110 100644 --- a/2005/3xxx/CVE-2005-3346.json +++ b/2005/3xxx/CVE-2005-3346.json 
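Review bot: The `ASSIGNER` value in the CVE-2005-2968 hunk changes from `cve@mitre.org` to `secalert@redhat.com`, a provenance change that sits inside what otherwise reads as a spacing-and-ordering rewrite and that the commit subject does not record. The CVE-2005-3346 hunk does the same with `security@debian.org`. Anything downstream that attributes, filters or trusts records by assigning CNA would see these two entries move, so the commit message should name the reassigned IDs, or the reassignment should land separately from the reformat. The `reference_data` entries are also re-ordered with no sort key visible in the diff, which makes it slow to confirm that no reference was dropped or altered; a stable order (for example by `refsource`, then `name`) would keep later syncs reviewable.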
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form \"$VAR/EVAR=arg\", which cause the EVAR portion to be appended to a buffer returned by a getenv function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pulltheplug.org/users/core/files/x_osh3.sh", - "refsource" : "MISC", - "url" : "http://pulltheplug.org/users/core/files/x_osh3.sh" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312" - }, - { - "name" : "DSA-918", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-918" - }, - { - "name" : "15370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15370" - }, - { - "name" : "ADV-2005-2378", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/2378" - }, - { - "name" : "20720", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20720" - }, - { - "name" : "17527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17527" - }, - { - "name" : "17967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17967" - }, - { - "name" : "osh-main-execute-code(23091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form \"$VAR/EVAR=arg\", which cause the EVAR portion to be appended to a buffer returned by a getenv function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20720", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20720" + }, + { + "name": "osh-main-execute-code(23091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23091" + }, + { + "name": "17967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17967" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312" + }, + { + "name": "DSA-918", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-918" + }, + { + "name": "15370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15370" + }, + { + "name": "17527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17527" + }, + { + "name": 
"http://pulltheplug.org/users/core/files/x_osh3.sh", + "refsource": "MISC", + "url": "http://pulltheplug.org/users/core/files/x_osh3.sh" + }, + { + "name": "ADV-2005-2378", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2378" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3368.json b/2005/3xxx/CVE-2005-3368.json index 960b1cfe492..aec43d3468b 100644 --- a/2005/3xxx/CVE-2005-3368.json +++ b/2005/3xxx/CVE-2005-3368.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051025 PHP-Nuke Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113038121108780&w=2" - }, - { - "name" : "15218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15218" - }, - { - "name" : "ADV-2005-2225", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2225" - }, - { - "name" : "17296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17296/" - }, - { - "name" : "phpnuke-searchenhanced-xss(22891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpnuke-searchenhanced-xss(22891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22891" + }, + { + "name": "15218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15218" + }, + { + "name": "17296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17296/" + }, + { + "name": "20051025 PHP-Nuke Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113038121108780&w=2" + }, + { + "name": "ADV-2005-2225", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2225" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3495.json b/2005/3xxx/CVE-2005-3495.json index 7f1ff160b6e..a80f71f1889 100644 --- a/2005/3xxx/CVE-2005-3495.json +++ b/2005/3xxx/CVE-2005-3495.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051024 Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038133.html" - }, - { - "name" : "15203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15203" - }, - { - "name" : "1015100", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015100" - }, - { - "name" : "17307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17307" + }, + { + "name": "15203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15203" + }, + { + "name": "1015100", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015100" + }, + { + "name": "20051024 Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038133.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3699.json b/2005/3xxx/CVE-2005-3699.json index 4ea8ae9cdfa..57102894bf4 100644 --- a/2005/3xxx/CVE-2005-3699.json +++ b/2005/3xxx/CVE-2005-3699.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-3699",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-3699",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "17571",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/17571"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "17571",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/17571"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/3xxx/CVE-2005-3943.json b/2005/3xxx/CVE-2005-3943.json
index 6fa53e65deb..5ec908d232e 100644
--- a/2005/3xxx/CVE-2005-3943.json
+++ b/2005/3xxx/CVE-2005-3943.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/faq-system-11-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/faq-system-11-sql-inj-vuln.html" - }, - { - "name" : "15640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15640" - }, - { - "name" : "ADV-2005-2653", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2653" - }, - { - "name" : "21202", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21202" - }, - { - "name" : "17801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15640" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/faq-system-11-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/faq-system-11-sql-inj-vuln.html" + }, + { + "name": "17801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17801" + }, + { + "name": "ADV-2005-2653", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2653" + }, + { + "name": "21202", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21202" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4118.json b/2005/4xxx/CVE-2005-4118.json index 99f6f23f9cb..e611431efc0 100644 --- a/2005/4xxx/CVE-2005-4118.json +++ b/2005/4xxx/CVE-2005-4118.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-4118",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2005-4118",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/4xxx/CVE-2005-4601.json b/2005/4xxx/CVE-2005-4601.json
index 03db9b547b7..4c527b17a4b 100644
--- a/2005/4xxx/CVE-2005-4601.json
+++ b/2005/4xxx/CVE-2005-4601.json
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061127 rPSA-2006-0218-1 ImageMagick", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452718/100/100/threaded" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-389", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-389" - }, - { - "name" : "DSA-957", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-957" - }, - { - "name" : "MDKSA-2006:024", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:024" - }, - { - "name" : 
"RHSA-2006:0178", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0178.html" - }, - { - "name" : "20060301-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc" - }, - { - "name" : "SSA:2006-045-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682" - }, - { - "name" : "231321", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1" - }, - { - "name" : "SUSE-SR:2006:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_06_sr.html" - }, - { - "name" : "USN-246-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-246-1" - }, - { - "name" : "16093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16093" - }, - { - "name" : "oval:org.mitre.oval:def:10353", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10353" - }, - { - "name" : "ADV-2008-0412", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0412" - }, - { - "name" : "22121", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22121" - }, - { - "name" : "18261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18261" - }, - { - "name" : "18607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18607" - }, - { - "name" : "18631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18631" - }, - { - "name" : "18871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18871" - }, - { - "name" : "19183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19183" - }, - { - "name" : "19408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19408" - }, - { - "name" : "23090", - "refsource" : "SECUNIA", - "url" 
: "http://secunia.com/advisories/23090" - }, - { - "name" : "28800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28800" - }, - { - "name" : "imagemagick-filename-command-injection(23927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imagemagick-filename-command-injection(23927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23927" + }, + { + "name": "19408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19408" + }, + { + "name": "20061127 rPSA-2006-0218-1 ImageMagick", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452718/100/100/threaded" + }, + { + "name": "SUSE-SR:2006:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_06_sr.html" + }, + { + "name": "SSA:2006-045-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682" + }, + { + "name": "ADV-2008-0412", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0412" + }, + { + "name": "DSA-957", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-957" + }, + { + "name": "MDKSA-2006:024", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:024" + }, + { + "name": "22121", + "refsource": "OSVDB", + "url": 
"http://www.osvdb.org/22121" + }, + { + "name": "23090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23090" + }, + { + "name": "https://issues.rpath.com/browse/RPL-389", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-389" + }, + { + "name": "18607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18607" + }, + { + "name": "231321", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1" + }, + { + "name": "16093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16093" + }, + { + "name": "USN-246-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-246-1" + }, + { + "name": "18871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18871" + }, + { + "name": "28800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28800" + }, + { + "name": "oval:org.mitre.oval:def:10353", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10353" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238" + }, + { + "name": "18261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18261" + }, + { + "name": "20060301-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc" + }, + { + "name": "RHSA-2006:0178", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0178.html" + }, + { + "name": "19183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19183" + }, + { + "name": "18631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18631" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4853.json b/2005/4xxx/CVE-2005-4853.json index 57aa9c293e9..b5573e00f57 100644 
--- a/2005/4xxx/CVE-2005-4853.json +++ b/2005/4xxx/CVE-2005-4853.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0", - "refsource" : "CONFIRM", - "url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0" - }, - { - "name" : "http://issues.ez.no/7052", - "refsource" : "CONFIRM", - "url" : "http://issues.ez.no/7052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not 
restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0", + "refsource": "CONFIRM", + "url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0" + }, + { + "name": "http://issues.ez.no/7052", + "refsource": "CONFIRM", + "url": "http://issues.ez.no/7052" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4879.json b/2005/4xxx/CVE-2005-4879.json index 99344272bc1..f677fcdf46c 100644 --- a/2005/4xxx/CVE-2005-4879.json +++ b/2005/4xxx/CVE-2005-4879.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28523.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28523.html" - }, - { - "name" : "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html" - }, - { - "name" : "28523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28523" - }, - { - "name" : "16337", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16337" - }, - { - "name" 
: "jaxguestbook-jaxguestbook-xss(43562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28523.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28523.html" + }, + { + "name": "28523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28523" + }, + { + "name": "16337", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16337" + }, + { + "name": "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html" + }, + { + "name": "jaxguestbook-jaxguestbook-xss(43562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43562" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2992.json b/2009/2xxx/CVE-2009-2992.json index d684e6b414f..688f3fa5533 100644 --- a/2009/2xxx/CVE-2009-2992.json +++ b/2009/2xxx/CVE-2009-2992.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html" - }, - { - "name" : "TA09-286B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286B.html" - }, - { - "name" : "36638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36638" - }, - { - "name" : "oval:org.mitre.oval:def:6054", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6054" - }, - { - "name" : "1023007", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023007" - }, - { - 
"name" : "ADV-2009-2898", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6054", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6054" + }, + { + "name": "36638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36638" + }, + { + "name": "TA09-286B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html" + }, + { + "name": "1023007", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023007" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html" + }, + { + "name": "ADV-2009-2898", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2898" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3239.json b/2009/3xxx/CVE-2009-3239.json index 7ba150ce662..b6270b7fb60 100644 --- a/2009/3xxx/CVE-2009-3239.json +++ b/2009/3xxx/CVE-2009-3239.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-3239",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2009-3239",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/3xxx/CVE-2009-3335.json b/2009/3xxx/CVE-2009-3335.json
index a0f5c323949..09b924379e4 100644
--- a/2009/3xxx/CVE-2009-3335.json
+++ b/2009/3xxx/CVE-2009-3335.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9653", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9653" - }, - { - "name" : "turtushout-name-sql-injection(53209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9653", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9653" + }, + { + "name": "turtushout-name-sql-injection(53209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53209" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3343.json b/2009/3xxx/CVE-2009-3343.json index 0461c56fba9..893f53285db 100644 --- a/2009/3xxx/CVE-2009-3343.json +++ b/2009/3xxx/CVE-2009-3343.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9675", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9675" - }, - { - "name" : "36747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9675", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9675" + }, + { + "name": "36747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36747" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3516.json b/2009/3xxx/CVE-2009-3516.json index dc624fd66c9..f0f7968df80 100644 --- a/2009/3xxx/CVE-2009-3516.json +++ b/2009/3xxx/CVE-2009-3516.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc" - }, - { - "name" : "IZ49024", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024" - }, - { - "name" : "IZ49096", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096" - }, - { - "name" : "IZ49278", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278" - }, - { - "name" : "IZ50399", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399" - 
}, - { - "name" : "IZ50444", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444" - }, - { - "name" : "IZ50496", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496" - }, - { - "name" : "36545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36545" - }, - { - "name" : "oval:org.mitre.oval:def:6318", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318" - }, - { - "name" : "ADV-2009-2788", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2788", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2788" + }, + { + "name": "IZ50496", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496" + }, + { + "name": "IZ50444", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444" + }, + { + "name": "IZ50399", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399" + }, + { + "name": "IZ49278", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278" + }, + { + "name": "oval:org.mitre.oval:def:6318", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318" + }, + { + "name": "IZ49096", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096" + }, + { + "name": "IZ49024", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024" + }, + { + "name": "36545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36545" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3654.json b/2009/3xxx/CVE-2009-3654.json index 18334421187..d87e6d15ed9 100644 --- a/2009/3xxx/CVE-2009-3654.json +++ b/2009/3xxx/CVE-2009-3654.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/592470", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/592470" - }, - { - "name" : "http://drupal.org/node/592490", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/592490" - }, - { - "name" : "36561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36561" - }, - { - "name" : "58424", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58424" - }, - { - "name" : "36925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36925" - }, - { - "name" : "boost-unspecified-security-bypass(53553)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58424", + "refsource": "OSVDB", + "url": "http://osvdb.org/58424" + }, + { + "name": "http://drupal.org/node/592470", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/592470" + }, + { + "name": "boost-unspecified-security-bypass(53553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53553" + }, + { + "name": "36925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36925" + }, + { + "name": "http://drupal.org/node/592490", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/592490" + }, + { + "name": "36561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36561" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3903.json b/2009/3xxx/CVE-2009-3903.json index b3526d54ff9..4ac3bee9d73 100644 --- a/2009/3xxx/CVE-2009-3903.json +++ b/2009/3xxx/CVE-2009-3903.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35630" - }, - { - "name" : "55772", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55772" - }, - { - "name" : "35105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35105" - }, - { - "name" : "netflow-index-xss(51630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55772", + "refsource": "OSVDB", + "url": "http://osvdb.org/55772" + }, + { + "name": "35630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35630" + }, + { + "name": "35105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35105" + }, + { + "name": "netflow-index-xss(51630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51630" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4182.json b/2009/4xxx/CVE-2009-4182.json index 445ee57b58a..66556695efc 100644 --- a/2009/4xxx/CVE-2009-4182.json +++ b/2009/4xxx/CVE-2009-4182.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2009-4182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI02500", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126341293311108&w=2" - }, - { - "name" : "SSRT090263", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126341293311108&w=2" - }, - { - "name" : "37787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of 
service, possibly by leveraging authentication and encryption weaknesses on the SQL server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37787" + }, + { + "name": "SSRT090263", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126341293311108&w=2" + }, + { + "name": "HPSBPI02500", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126341293311108&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4707.json b/2009/4xxx/CVE-2009-4707.json index 4333175825b..da321eaa595 100644 --- a/2009/4xxx/CVE-2009-4707.json +++ b/2009/4xxx/CVE-2009-4707.json 
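Review bot: The `"ASSIGNER"` value at the top of this hunk changes from `cve@mitre.org` to `hp-security-alert@hp.com`, but the change is hard to spot because every line of the record is rewritten for key spacing and `reference_data` is reordered, and the commit subject names no data change. The CVE-2015-0158, CVE-2015-0392 and CVE-2015-1009 hunks have the same problem, with the assigner becoming `psirt@us.ibm.com`, `secalert_us@oracle.com` and `ics-cert@hq.dhs.gov`. Anyone auditing which authority a record is attributed to has to compare parsed JSON rather than read the text diff, so the attribution change deserves its own commit or at least a line in the description. The new side also ends with `\ No newline at end of file`. The serializer should write a trailing newline and keep references in a stable order, so that later syncs show only real changes.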
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4852.json b/2009/4xxx/CVE-2009-4852.json index 532422e9f1c..cd49666dac1 100644 --- a/2009/4xxx/CVE-2009-4852.json +++ b/2009/4xxx/CVE-2009-4852.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://semanticscuttle.svn.sourceforge.net/viewvc/semanticscuttle/branches/0.94.1/ChangeLog?view=markup&pathrev=471", - "refsource" : "CONFIRM", - "url" : "http://semanticscuttle.svn.sourceforge.net/viewvc/semanticscuttle/branches/0.94.1/ChangeLog?view=markup&pathrev=471" - }, - { - "name" : "37387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in 
SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://semanticscuttle.svn.sourceforge.net/viewvc/semanticscuttle/branches/0.94.1/ChangeLog?view=markup&pathrev=471", + "refsource": "CONFIRM", + "url": "http://semanticscuttle.svn.sourceforge.net/viewvc/semanticscuttle/branches/0.94.1/ChangeLog?view=markup&pathrev=471" + }, + { + "name": "37387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37387" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4998.json b/2009/4xxx/CVE-2009-4998.json index fd38077b272..1fd8b5579cf 100644 --- a/2009/4xxx/CVE-2009-4998.json +++ b/2009/4xxx/CVE-2009-4998.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", - "refsource" : "CONFIRM", - "url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm" - }, - { - "name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", - "refsource" : "CONFIRM", - "url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" - }, - { - "name" : "PJ36552", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ36552" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm", + "refsource": "CONFIRM", + "url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm" + }, + { + "name": "PJ36552", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ36552" + }, + { + "name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", + "refsource": "CONFIRM", + "url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0158.json b/2015/0xxx/CVE-2015-0158.json index 340b7817fc3..85dc5345ddc 100644 --- a/2015/0xxx/CVE-2015-0158.json +++ b/2015/0xxx/CVE-2015-0158.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696378", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696378" - }, - { - "name" : "JR52137", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52137" - }, - { - "name" : "JR52322", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52322" - }, - { - "name" : "JR52355", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52355" - }, - { - "name" : "1031964", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031964" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR52137", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52137" + }, + { + "name": "JR52322", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52322" + }, + { + "name": "JR52355", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52355" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696378", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696378" + }, + { + "name": "1031964", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031964" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0188.json b/2015/0xxx/CVE-2015-0188.json index 03591eae925..2a3f2ced1ce 100644 --- a/2015/0xxx/CVE-2015-0188.json +++ b/2015/0xxx/CVE-2015-0188.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0188", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0188", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0392.json b/2015/0xxx/CVE-2015-0392.json index 8b61c938778..00592a9c055 100644 --- a/2015/0xxx/CVE-2015-0392.json +++ b/2015/0xxx/CVE-2015-0392.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Config - Scripting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72182" - }, - { - "name" : "1031578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031578" - }, - { - "name" : "oracle-cpujan2015-cve20150392(100119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Config - Scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "oracle-cpujan2015-cve20150392(100119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100119" + }, + { + "name": "1031578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031578" + }, + { + "name": "72182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72182" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1009.json b/2015/1xxx/CVE-2015-1009.json index 102ca34efc0..3b2bb7544d4 100644 --- a/2015/1xxx/CVE-2015-1009.json +++ b/2015/1xxx/CVE-2015-1009.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-1009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf", - "refsource" : "MISC", - "url" : "https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01" + }, + { + "name": "https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf", + "refsource": "MISC", + "url": "https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf" + }, + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1078.json b/2015/1xxx/CVE-2015-1078.json index e5f13b39a4b..24fca67ec9a 100644 --- a/2015/1xxx/CVE-2015-1078.json +++ b/2015/1xxx/CVE-2015-1078.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204560", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204560" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204949", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204949" - }, - { - "name" : "APPLE-SA-2015-03-17-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-06-30-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" - }, - { - "name" : "1031936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "APPLE-SA-2015-06-30-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" + }, + { + "name": "APPLE-SA-2015-03-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" + }, + { + "name": "https://support.apple.com/kb/HT204949", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204949" + }, + { + "name": "1031936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031936" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "https://support.apple.com/HT204560", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204560" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1481.json b/2015/1xxx/CVE-2015-1481.json index a7b84d03708..36047249e37 100644 --- a/2015/1xxx/CVE-2015-1481.json +++ b/2015/1xxx/CVE-2015-1481.json 
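Review bot: The one field whose value changes in this hunk, `"ASSIGNER"` (`cve@mitre.org` to `product-security@apple.com`), is hard to find because the same rewrite respaces every `"key" :` separator and shuffles all nine `reference_data` entries into an order with no visible sort key. The reference set itself looks unchanged, so the reorder only adds churn and makes it harder to spot a reference that was really added or dropped. Emitting `reference_data` in a stable order (for example by `refsource`, then `name`) and keeping the trailing newline the new side loses (`\ No newline at end of file`) would reduce a sync like this to the changed field. The hunks for CVE-2015-0392, CVE-2015-1009, CVE-2015-1554, CVE-2015-1816, CVE-2015-1934 and CVE-2015-4492 bury an `ASSIGNER` change in a full-file rewrite in the same way.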
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534464/100/0/threaded" - }, - { - "name" : "35786", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35786" - }, - { - "name" : "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/52" - }, - { - "name" : "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html" + }, + { + "name": "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534464/100/0/threaded" + }, + { + "name": "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/52" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt" + }, + { + "name": "35786", + 
"refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35786" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1554.json b/2015/1xxx/CVE-2015-1554.json index 698b89391ed..1b47c804437 100644 --- a/2015/1xxx/CVE-2015-1554.json +++ b/2015/1xxx/CVE-2015-1554.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150207 Re: kgb-bot can be crashed by some network traffic", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/08/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186590", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1186590", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186590" + }, + { + "name": "[oss-security] 20150207 Re: kgb-bot can be crashed by some network traffic", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/08/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1816.json b/2015/1xxx/CVE-2015-1816.json index 2eac5e6bb53..78948e68a3b 100644 --- a/2015/1xxx/CVE-2015-1816.json +++ b/2015/1xxx/CVE-2015-1816.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.theforeman.org/issues/9858", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/9858" - }, - { - "name" : "https://github.com/theforeman/foreman/pull/2265", - "refsource" : "CONFIRM", - "url" : "https://github.com/theforeman/foreman/pull/2265" - }, - { - "name" : "https://groups.google.com/forum/#!topic/foreman-announce/9ZnuPcplNLI", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/foreman-announce/9ZnuPcplNLI" - }, - { - "name" : "RHSA-2015:1591", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:1591" - }, - { - "name" : "RHSA-2015:1592", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:1592" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1592", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:1592" + }, + { + "name": "https://github.com/theforeman/foreman/pull/2265", + "refsource": "CONFIRM", + "url": "https://github.com/theforeman/foreman/pull/2265" + }, + { + "name": "http://projects.theforeman.org/issues/9858", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/9858" + }, + { + "name": "RHSA-2015:1591", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:1591" + }, + { + "name": "https://groups.google.com/forum/#!topic/foreman-announce/9ZnuPcplNLI", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/foreman-announce/9ZnuPcplNLI" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1934.json b/2015/1xxx/CVE-2015-1934.json index 18da61942ed..1d0f5142baf 100644 --- a/2015/1xxx/CVE-2015-1934.json +++ b/2015/1xxx/CVE-2015-1934.json 
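Review bot: The description `value` on the new side still reads `Forman before 1.7.4`, while the references in the same record point at `projects.theforeman.org` and `github.com/theforeman/foreman`, so the product name looks misspelled. Because `product_name`, `vendor_name` and `version_value` are all `n/a` here, the description is the only place a keyword search for the product can match, and a search for the correct name would miss this record. If the spelling is confirmed, the value should begin `"Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, ..."`. The text is carried over unchanged from the old side, so correcting it probably belongs in the upstream record that this sync copies from.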
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21964855", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21964855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4395.json b/2015/4xxx/CVE-2015-4395.json index 99fc3bf6212..977267310a6 100644 --- a/2015/4xxx/CVE-2015-4395.json +++ b/2015/4xxx/CVE-2015-4395.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the \"Ask user for a password when registering\" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" - }, - { - "name" : "https://www.drupal.org/node/2475943", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2475943" - }, - { - "name" : "https://www.drupal.org/node/2475443", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2475443" - }, - { - "name" : "74364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74364" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the \"Ask user for a password when registering\" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/25/6" + }, + { + "name": "https://www.drupal.org/node/2475943", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2475943" + }, + { + "name": "74364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74364" + }, + { + "name": "https://www.drupal.org/node/2475443", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2475443" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4440.json b/2015/4xxx/CVE-2015-4440.json index 0021b832dd9..f83a75edcda 100644 --- a/2015/4xxx/CVE-2015-4440.json +++ b/2015/4xxx/CVE-2015-4440.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4440", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4440", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4492.json b/2015/4xxx/CVE-2015-4492.json index 7cdb8c5f617..de2f7bf3186 100644 --- a/2015/4xxx/CVE-2015-4492.json +++ b/2015/4xxx/CVE-2015-4492.json 
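Review bot: The new side of the CVE-2015-4440 record uses a different key order from the other records visible in this commit: it lists `data_type`, `data_format`, `data_version` before `CVE_data_meta` and puts `ID` ahead of `ASSIGNER`, where the others keep keys alphabetical (`CVE_data_meta` first, then `ASSIGNER`, `ID`, `STATE`). No value changes, so the whole 18-line hunk is ordering and separator churn, which suggests REJECT entries go through a different serializer. Writing every record with sorted keys, so this one also opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`, would keep textual diffs and line-based tooling consistent across PUBLIC and REJECT entries.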
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-92.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-92.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1185820", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1185820" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3333", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3333" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "RHSA-2015:1586", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1586.html" - }, - { - "name" : "openSUSE-SU-2015:1389", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:1390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:2081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:1449", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" - }, - { - "name" : "openSUSE-SU-2015:1453", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" - }, - { - "name" : "openSUSE-SU-2015:1454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" - }, - { - "name" : "SUSE-SU-2015:1528", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" - }, - { - "name" : "USN-2702-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-1" - }, - { - "name" : "USN-2702-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-2" - }, - { - "name" : "USN-2702-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-3" - }, - { - "name" : "76297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76297" - }, - { - "name" : "1033247", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76297" + }, + { + "name": "SUSE-SU-2015:2081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-92.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-92.html" + }, + { + "name": "openSUSE-SU-2015:1454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" + }, + { + "name": "USN-2702-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-3" + }, + { + "name": "openSUSE-SU-2015:1389", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" + }, + { + "name": "openSUSE-SU-2015:1453", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" + }, + { + "name": "RHSA-2015:1586", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:1528", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" + }, + { + "name": "1033247", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033247" + }, + { + "name": "USN-2702-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-2" + }, + { + "name": "USN-2702-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-1" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "SUSE-SU-2015:1449", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185820", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185820" + }, + { + "name": "DSA-3333", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3333" + }, + { + "name": "openSUSE-SU-2015:1390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5105.json b/2015/5xxx/CVE-2015-5105.json index 68eb296403e..bb95c20e0df 100644 --- a/2015/5xxx/CVE-2015-5105.json +++ b/2015/5xxx/CVE-2015-5105.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5098." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 
11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5098." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5562.json b/2015/5xxx/CVE-2015-5562.json index 11f8fffacef..2a7956a003a 100644 --- a/2015/5xxx/CVE-2015-5562.json +++ b/2015/5xxx/CVE-2015-5562.json 
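Review bot: The `affects` block on the new side still carries `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"`, although this hunk reassigns the record to `psirt@adobe.com` and the description names Adobe Reader and Acrobat with their fixed versions. Tooling that matches on `affects` rather than on free text will not tie this record to any product. If the CNA data allows it, populate at least `"vendor_name": "Adobe"` and a real `product_name`; the CVE-2015-5562 hunk that follows has the same gap for Flash Player and AIR. The `ASSIGNER` change is also the only semantic edit in an otherwise whitespace-and-ordering hunk, so it deserves a mention in the commit message.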
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5558." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : 
"CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201508-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-01" - }, - { - "name" : "RHSA-2015:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "76287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76287" - }, - { - "name" : "1033235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5558." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "GLSA-201508-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-01" + }, + { + "name": "76287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76287" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "1033235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033235" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "RHSA-2015:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2011.json b/2018/2xxx/CVE-2018-2011.json index 27fc1540355..f0b455b7892 100644 --- a/2018/2xxx/CVE-2018-2011.json +++ b/2018/2xxx/CVE-2018-2011.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2246.json b/2018/2xxx/CVE-2018-2246.json index 48105fbd07f..9122601feaf 100644 --- a/2018/2xxx/CVE-2018-2246.json +++ b/2018/2xxx/CVE-2018-2246.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2246", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2246", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2579.json b/2018/2xxx/CVE-2018-2579.json index db136c6fe7f..393c87a4dc1 100644 --- a/2018/2xxx/CVE-2018-2579.json +++ b/2018/2xxx/CVE-2018-2579.json 
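Review bot: The new side of CVE-2018-2246.json is serialized with a different key order from the other files in this view: the top level starts with `data_type`, `data_format`, `data_version`, and `CVE_data_meta` lists `ID` before `ASSIGNER`, whereas the neighbouring records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Parsers do not care, but anyone who diffs or hashes these files byte-for-byte gets churn unrelated to the data. Writing this record through the same serializer as the others, which appears to sort keys, would keep the output consistent. Every rewritten file in this view also now ends with `\ No newline at end of file`; a trailing newline is the usual convention for files kept in version control.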
@@ -1,180 +1,180 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u171" - }, - { - "version_affected" : "=", - "version_value" : "7u161" - }, - { - "version_affected" : "=", - "version_value" : "8u152" - }, - { - "version_affected" : "=", - "version_value" : "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u171" + }, + { + "version_affected": "=", + "version_value": "7u161" + }, + { + "version_affected": "=", + "version_value": "8u152" + }, + { + "version_affected": "=", + "version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180117-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, 
- { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us" - }, - { - "name" : "DSA-4144", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4144" - }, - { - "name" : "DSA-4166", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4166" - }, - { - "name" : "RHSA-2018:0095", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0095" - }, - { - "name" : "RHSA-2018:0099", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0099" - }, - { - "name" : "RHSA-2018:0100", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0100" - }, - { - "name" : "RHSA-2018:0115", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0115" - }, - { - "name" : "RHSA-2018:0349", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0349" - }, - { - "name" : "RHSA-2018:0351", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0351" - }, - { - "name" : "RHSA-2018:0352", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0352" - }, - { - "name" : "RHSA-2018:0458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0458" - }, - { - "name" : "RHSA-2018:0521", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0521" - }, - { - "name" : "RHSA-2018:1463", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1463" - }, - { - "name" : "RHSA-2018:1812", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1812" - }, - { - "name" : "USN-3613-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3613-1/" - }, - { - "name" : "USN-3614-1", - "refsource" : 
"UBUNTU", - "url" : "https://usn.ubuntu.com/3614-1/" - }, - { - "name" : "102663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102663" - }, - { - "name" : "1040203", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0351", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0351" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180117-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180117-0001/" + }, + { + "name": "USN-3614-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3614-1/" + }, + { + "name": "DSA-4166", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4166" + }, + { + "name": "RHSA-2018:0095", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0095" + }, + { + "name": "DSA-4144", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4144" + }, + { + "name": "RHSA-2018:0521", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0521" + }, + { + "name": "RHSA-2018:0352", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0352" + }, + { + "name": "RHSA-2018:0115", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0115" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html" + }, + { + "name": "RHSA-2018:1812", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1812" + }, + { + "name": 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us" + }, + { + "name": "RHSA-2018:0099", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0099" + }, + { + "name": "RHSA-2018:1463", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1463" + }, + { + "name": "RHSA-2018:0458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0458" + }, + { + "name": "RHSA-2018:0349", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0349" + }, + { + "name": "102663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102663" + }, + { + "name": "1040203", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040203" + }, + { + "name": "USN-3613-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3613-1/" + }, + { + "name": "RHSA-2018:0100", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0100" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3184.json b/2018/3xxx/CVE-2018-3184.json index d653c5a8bc0..7c2189575b7 100644 --- a/2018/3xxx/CVE-2018-3184.json +++ b/2018/3xxx/CVE-2018-3184.json 
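Review bot: The `version_data` entries under product `Java` pack several products into version strings: `"version_value": "Java SE: 6u171"` and `"version_value": "9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16"` are not versions a matcher can compare. The description lists three products (Java SE, Java SE Embedded, JRockit), so each should be its own `product_data` entry with plain values, for example `"version_value": "8u151"` under `"product_name": "Java SE Embedded"`. As written, automated matching against an asset inventory would miss Java SE Embedded and JRockit, which appear only inside a string. The reformatting in this hunk carries these values over unchanged.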
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hyperion BI+", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.2.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: IQR - Foundation Services). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion BI+", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.2.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105644" - }, - { - "name" : "1041898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: IQR - Foundation Services). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105644" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "1041898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041898" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3344.json b/2018/3xxx/CVE-2018-3344.json index 4c357f30a42..338d4f0e3af 100644 --- a/2018/3xxx/CVE-2018-3344.json +++ b/2018/3xxx/CVE-2018-3344.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3344", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3344", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3602.json b/2018/3xxx/CVE-2018-3602.json index 41bfe156af7..036a7b46eab 100644 
--- a/2018/3xxx/CVE-2018-3602.json +++ b/2018/3xxx/CVE-2018-3602.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-3602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Control Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-3602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Control Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-068/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-068/" - }, - { - "name" : "https://success.trendmicro.com/solution/1119158", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to 
execute arbitrary code on vulnerable installations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1119158", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119158" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-068/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3888.json b/2018/3xxx/CVE-2018-3888.json index 877c059f594..64409dcd0e1 100644 --- a/2018/3xxx/CVE-2018-3888.json +++ b/2018/3xxx/CVE-2018-3888.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-11T00:00:00", - "ID" : "CVE-2018-3888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Computerinsel Photoline", - "version" : { - "version_data" : [ - { - "version_value" : "Computerinsel Photoline 20.53 for OS X" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-11T00:00:00", + "ID": "CVE-2018-3888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Computerinsel Photoline", + "version": { + "version_data": [ + { + "version_value": "Computerinsel Photoline 20.53 for OS X" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0563", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability 
exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0563", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0563" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3896.json b/2018/3xxx/CVE-2018-3896.json index dc3d2325a3a..18386fdf892 100644 --- a/2018/3xxx/CVE-2018-3896.json +++ b/2018/3xxx/CVE-2018-3896.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartThings Hub STH-ETH-250", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long \"correlationId\" value in order to exploit this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartThings Hub STH-ETH-250", + "version": { + "version_data": [ + { + "version_value": "Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0570", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long \"correlationId\" value in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0570", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0570" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/6xxx/CVE-2018-6389.json b/2018/6xxx/CVE-2018-6389.json index f4118008ba7..8c4b37d0a83 100644 --- a/2018/6xxx/CVE-2018-6389.json +++ b/2018/6xxx/CVE-2018-6389.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43968", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43968/" - }, - { - "name" : "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html", - "refsource" : "MISC", - "url" : "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html" - }, - { - "name" : "https://github.com/UltimateHackers/Shiva", - "refsource" : "MISC", - "url" : "https://github.com/UltimateHackers/Shiva" - }, - { - "name" : "https://github.com/WazeHell/CVE-2018-6389", - "refsource" : "MISC", - "url" : "https://github.com/WazeHell/CVE-2018-6389" - }, - { - "name" : 
"https://thehackernews.com/2018/02/wordpress-dos-exploit.html", - "refsource" : "MISC", - "url" : "https://thehackernews.com/2018/02/wordpress-dos-exploit.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9021", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9021" - }, - { - "name" : "103060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103060" - }, - { - "name" : "1040347", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103060" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/9021", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9021" + }, + { + "name": "43968", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43968/" + }, + { + "name": "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html", + "refsource": "MISC", + "url": "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html" + }, + { + "name": "1040347", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040347" + }, + { + "name": "https://thehackernews.com/2018/02/wordpress-dos-exploit.html", + "refsource": "MISC", + "url": "https://thehackernews.com/2018/02/wordpress-dos-exploit.html" + }, + { + 
"name": "https://github.com/WazeHell/CVE-2018-6389", + "refsource": "MISC", + "url": "https://github.com/WazeHell/CVE-2018-6389" + }, + { + "name": "https://github.com/UltimateHackers/Shiva", + "refsource": "MISC", + "url": "https://github.com/UltimateHackers/Shiva" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6531.json b/2018/6xxx/CVE-2018-6531.json index 7ad7eb30234..65199ecc7ea 100644 --- a/2018/6xxx/CVE-2018-6531.json +++ b/2018/6xxx/CVE-2018-6531.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6531", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6531", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6574.json b/2018/6xxx/CVE-2018-6574.json index 1a8295e7d1a..50ab781ee27 100644 --- a/2018/6xxx/CVE-2018-6574.json +++ b/2018/6xxx/CVE-2018-6574.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow \"go get\" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574", - "refsource" : "MISC", - "url" : "https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574" - }, - { - "name" : "https://github.com/golang/go/issues/23672", - "refsource" : "CONFIRM", - "url" : "https://github.com/golang/go/issues/23672" - }, - { - "name" : "https://groups.google.com/forum/#!topic/golang-nuts/Gbhh1NxAjMU", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/golang-nuts/Gbhh1NxAjMU" - }, - { - "name" : "https://groups.google.com/forum/#!topic/golang-nuts/sprOaQ5m3Dk", - "refsource" : "CONFIRM", - "url" : 
"https://groups.google.com/forum/#!topic/golang-nuts/sprOaQ5m3Dk" - }, - { - "name" : "DSA-4380", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4380" - }, - { - "name" : "RHSA-2018:0878", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0878" - }, - { - "name" : "RHSA-2018:1304", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow \"go get\" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:1304", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1304" + }, + { + "name": "RHSA-2018:0878", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0878" + }, + { + "name": "DSA-4380", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4380" + }, + { + "name": "https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574", + "refsource": "MISC", + "url": "https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574" + }, + { + "name": "https://groups.google.com/forum/#!topic/golang-nuts/sprOaQ5m3Dk", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/golang-nuts/sprOaQ5m3Dk" + }, + { + "name": "https://github.com/golang/go/issues/23672", + "refsource": "CONFIRM", + "url": "https://github.com/golang/go/issues/23672" + }, + { + "name": "https://groups.google.com/forum/#!topic/golang-nuts/Gbhh1NxAjMU", + 
"refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/golang-nuts/Gbhh1NxAjMU" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6795.json b/2018/6xxx/CVE-2018-6795.json index fd247487ab5..0a172b2e059 100644 --- a/2018/6xxx/CVE-2018-6795.json +++ b/2018/6xxx/CVE-2018-6795.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43990", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/43990/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43990", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/43990/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6810.json b/2018/6xxx/CVE-2018-6810.json index 78d4728f6a7..e0e816c35ad 100644 --- a/2018/6xxx/CVE-2018-6810.json 
+++ b/2018/6xxx/CVE-2018-6810.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX232161", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX232161" - }, - { - "name" : "1040440", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX232161", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX232161" + }, + { + "name": "1040440", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040440" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6952.json b/2018/6xxx/CVE-2018-6952.json index 4a5827d27a5..8bef0a602f3 100644 --- a/2018/6xxx/CVE-2018-6952.json +++ b/2018/6xxx/CVE-2018-6952.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://savannah.gnu.org/bugs/index.php?53133", - "refsource" : "MISC", - "url" : "https://savannah.gnu.org/bugs/index.php?53133" - }, - { - "name" : "103047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://savannah.gnu.org/bugs/index.php?53133", + "refsource": "MISC", + "url": "https://savannah.gnu.org/bugs/index.php?53133" + }, + { + "name": "103047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103047" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7888.json b/2018/7xxx/CVE-2018-7888.json index 726934ab298..5ffe93d7b72 100644 --- a/2018/7xxx/CVE-2018-7888.json +++ b/2018/7xxx/CVE-2018-7888.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7888", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7888", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7976.json b/2018/7xxx/CVE-2018-7976.json index 1a2f77851b0..7e782f2becd 100644 --- a/2018/7xxx/CVE-2018-7976.json +++ b/2018/7xxx/CVE-2018-7976.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eSpace Desktop", - "version" : { - "version_data" : [ - { - "version_value" : "V300R001C00" - }, - { - "version_value" : "V300R001C50" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eSpace Desktop", + "version": { + "version_data": [ + { + "version_value": "V300R001C00" + }, + { + "version_value": "V300R001C50" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7984.json b/2018/7xxx/CVE-2018-7984.json index 0b08145ff41..f0f7701c03f 100644 --- a/2018/7xxx/CVE-2018-7984.json +++ b/2018/7xxx/CVE-2018-7984.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7984", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7984", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file