diff --git a/2000/1xxx/CVE-2000-1156.json b/2000/1xxx/CVE-2000-1156.json index 1a36456e5fc..2deb5e3a974 100644 --- a/2000/1xxx/CVE-2000-1156.json +++ b/2000/1xxx/CVE-2000-1156.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001108 StarOffice 5.2 Temporary Dir Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0115.html" - }, - { - "name" : "1922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1922" - }, - { - "name" : "staroffice-tmp-sym-link(5487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "staroffice-tmp-sym-link(5487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5487" + }, + { + "name": "20001108 StarOffice 5.2 Temporary Dir Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0115.html" + }, + { + "name": "1922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1922" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0918.json b/2005/0xxx/CVE-2005-0918.json index 29a264b4dbe..6d11ce589bd 100644 --- a/2005/0xxx/CVE-2005-0918.json +++ b/2005/0xxx/CVE-2005-0918.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hyperdose.com/advisories/H2005-07.txt", - "refsource" : "MISC", - "url" : "http://www.hyperdose.com/advisories/H2005-07.txt" - }, - { - "name" : "http://www.adobe.com/support/techdocs/323585.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/techdocs/323585.html" - }, - { - "name" : "1013890", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013890" - }, - { - "name" : "15255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013890", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013890" + }, + { + "name": "http://www.adobe.com/support/techdocs/323585.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/techdocs/323585.html" + }, + { + "name": "15255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15255" + }, + { + "name": "http://www.hyperdose.com/advisories/H2005-07.txt", + "refsource": "MISC", + "url": "http://www.hyperdose.com/advisories/H2005-07.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2068.json b/2005/2xxx/CVE-2005-2068.json index 5f209c353bc..7c3b27cb11b 100644 --- a/2005/2xxx/CVE-2005-2068.json +++ b/2005/2xxx/CVE-2005-2068.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2005-2068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-05:15", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-05:15", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2182.json b/2005/2xxx/CVE-2005-2182.json index 138b8e12377..209b22ce377 100644 --- a/2005/2xxx/CVE-2005-2182.json +++ b/2005/2xxx/CVE-2005-2182.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the \"Messages waiting\" message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050706 VoIP-Phones: Weakness in proccessing SIP-Notify-Messages", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112067698624686&w=2" - }, - { - "name" : "http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt", - "refsource" : "MISC", - "url" : "http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt" - }, - { - "name" : "1014407", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Jul/1014407.html" - }, - { - "name" : "sip-notify-message-spoof(21260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the \"Messages waiting\" message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050706 VoIP-Phones: Weakness in proccessing SIP-Notify-Messages", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112067698624686&w=2" + }, + { + "name": "1014407", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Jul/1014407.html" + }, + { + "name": "http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt", + "refsource": "MISC", + "url": "http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt" + }, + { + "name": "sip-notify-message-spoof(21260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21260" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2305.json b/2005/2xxx/CVE-2005-2305.json index 303b0d0ffb9..75a329dc107 100644 --- a/2005/2xxx/CVE-2005-2305.json +++ b/2005/2xxx/CVE-2005-2305.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=72", - "refsource" : "MISC", - "url" : "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=72" - }, - { - "name" : "14263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14263" - }, - { - "name" : "16070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=72", + "refsource": "MISC", + "url": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=72" + }, + { + "name": "14263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14263" + }, + { + "name": "16070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16070" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2385.json b/2005/2xxx/CVE-2005-2385.json index d7aa89de419..35eb99469dd 100644 --- a/2005/2xxx/CVE-2005-2385.json +++ b/2005/2xxx/CVE-2005-2385.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to execute arbitrary code via an ACE archive containing a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2005-20/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-20/advisory/" - }, - { - "name" : "http://www.avast.com/eng/av4_revision_history.html", - "refsource" : "MISC", - "url" : "http://www.avast.com/eng/av4_revision_history.html" - }, - { - "name" : "1014544", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014544" - }, - { - "name" : "15776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to execute arbitrary code via an ACE archive containing a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15776" + }, + { + "name": "http://secunia.com/secunia_research/2005-20/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-20/advisory/" + }, + { + "name": "http://www.avast.com/eng/av4_revision_history.html", + "refsource": "MISC", + "url": "http://www.avast.com/eng/av4_revision_history.html" + }, + { + "name": "1014544", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014544" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2972.json b/2005/2xxx/CVE-2005-2972.json index baad77e221e..3b5e006d542 100644 --- a/2005/2xxx/CVE-2005-2972.json +++ b/2005/2xxx/CVE-2005-2972.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scary.beasts.org/security/CESA-2005-006.txt", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2005-006.txt" - }, - { - "name" : "http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html", - "refsource" : "MISC", - "url" : "http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html" - }, - { - "name" : "http://www.abisource.com/changelogs/2.2.11.phtml", - "refsource" : "CONFIRM", - "url" : "http://www.abisource.com/changelogs/2.2.11.phtml" - }, - { - "name" : "DSA-894", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-894" - }, - { - "name" : "GLSA-200510-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml" - }, - { - "name" : "USN-203-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/203-1/" - }, - { - "name" : "15096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15096" - }, - { - "name" : "ADV-2005-2086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2086" - }, - { - "name" : "20015", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20015" - }, - { - "name" : "17199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17199" - }, - { - "name" : "17200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17200" - }, - { - "name" : "17213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17213" - }, - { - "name" : "17264", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17264" - }, - { - "name" : "17551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20015", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20015" + }, + { + "name": "ADV-2005-2086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2086" + }, + { + "name": "17199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17199" + }, + { + "name": "DSA-894", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-894" + }, + { + "name": "USN-203-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/203-1/" + }, + { + "name": "17551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17551" + }, + { + "name": "17264", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17264" + }, + { + "name": "http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html", + "refsource": "MISC", + "url": "http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html" + }, + { + "name": "http://www.abisource.com/changelogs/2.2.11.phtml", + "refsource": "CONFIRM", + "url": "http://www.abisource.com/changelogs/2.2.11.phtml" + }, + { + "name": "17213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17213" + }, + { + "name": "http://scary.beasts.org/security/CESA-2005-006.txt", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2005-006.txt" + }, + { + "name": "15096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15096" + }, + { + "name": "GLSA-200510-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml" + }, + { + "name": "17200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17200" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3270.json b/2005/3xxx/CVE-2005-3270.json index 4056412db0f..53208f487d5 100644 --- a/2005/3xxx/CVE-2005-3270.json +++ b/2005/3xxx/CVE-2005-3270.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051020 Symantec Norton AntiVirus DiskMountNotify Local Privilege Escalation", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=325&type=vulnerabilities" - }, - { - "name" : "15143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15143" - }, - { - "name" : "15142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15142" - }, - { - "name" : "1015084", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015084" - }, - { - "name" : "17268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051020 Symantec Norton AntiVirus DiskMountNotify Local Privilege Escalation", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=325&type=vulnerabilities" + }, + { + "name": "17268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17268" + }, + { + "name": "1015084", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015084" + }, + { + "name": "15142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15142" + }, + { + "name": "15143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15143" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3577.json b/2005/3xxx/CVE-2005-3577.json index 88f1bc197b8..dec38172d96 100644 --- a/2005/3xxx/CVE-2005-3577.json +++ b/2005/3xxx/CVE-2005-3577.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051114 Walla TeleSite Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416581/30/0/threaded" - }, - { - "name" : "15419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15419" - }, - { - "name" : "1015204", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015204" - }, - { - "name" : "17547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051114 Walla TeleSite Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416581/30/0/threaded" + }, + { + "name": "1015204", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015204" + }, + { + "name": "15419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15419" + }, + { + "name": "17547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17547" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3755.json b/2005/3xxx/CVE-2005-3755.json index 2bafd4fe6b7..d097c4f55dd 100644 --- a/2005/3xxx/CVE-2005-3755.json +++ b/2005/3xxx/CVE-2005-3755.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051121 Google Search Appliance proxystylesheet Flaws", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417310/30/0/threaded" - }, - { - "name" : "http://metasploit.com/research/vulns/google_proxystylesheet/", - "refsource" : "MISC", - "url" : "http://metasploit.com/research/vulns/google_proxystylesheet/" - }, - { - "name" : "15509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15509" - }, - { - "name" : "ADV-2005-2500", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2500" - }, - { - "name" : "20977", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20977" - }, - { - "name" : "1015246", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015246" - }, - { - "name" : "17644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17644" + }, + { + "name": "20977", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20977" + }, + { + "name": "http://metasploit.com/research/vulns/google_proxystylesheet/", + "refsource": "MISC", + "url": "http://metasploit.com/research/vulns/google_proxystylesheet/" + }, + { + "name": "20051121 Google Search Appliance proxystylesheet Flaws", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded" + }, + { + "name": "ADV-2005-2500", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2500" + }, + { + "name": "15509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15509" + }, + { + "name": "1015246", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015246" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3879.json b/2005/3xxx/CVE-2005-3879.json index 590861a9fbc..485742743d5 100644 --- a/2005/3xxx/CVE-2005-3879.json +++ b/2005/3xxx/CVE-2005-3879.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/softbiz-resource-repository-script-sql.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/softbiz-resource-repository-script-sql.html" - }, - { - "name" : "15585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15585" - }, - { - "name" : "ADV-2005-2617", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2617" - }, - { - "name" : "21133", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21133" - }, - { - "name" : "21134", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21134" - }, - { - "name" : "21135", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21135" - }, - { - "name" : "21136", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21136" - }, - { - "name" : "17555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17555" - }, - { - "name" : "softbiz-whds-multiple-sql-injection(23208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21136", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21136" + }, + { + "name": "17555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17555" + }, + { + "name": "ADV-2005-2617", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2617" + }, + { + "name": "21134", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21134" + }, + { + "name": "15585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15585" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/softbiz-resource-repository-script-sql.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/softbiz-resource-repository-script-sql.html" + }, + { + "name": "softbiz-whds-multiple-sql-injection(23208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23208" + }, + { + "name": "21135", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21135" + }, + { + "name": "21133", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21133" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4024.json b/2005/4xxx/CVE-2005-4024.json index 0b8e05a911b..47e9e650b4e 100644 --- a/2005/4xxx/CVE-2005-4024.json +++ b/2005/4xxx/CVE-2005-4024.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/interspire-fastfind-2005-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/interspire-fastfind-2005-xss-vuln.html" - }, - { - "name" : "ADV-2005-2692", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2692", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2692" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/interspire-fastfind-2005-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/interspire-fastfind-2005-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4180.json b/2005/4xxx/CVE-2005-4180.json index 3b29d90465d..d7c2a92a2ee 100644 --- a/2005/4xxx/CVE-2005-4180.json +++ b/2005/4xxx/CVE-2005-4180.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4180", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4180", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4532.json b/2005/4xxx/CVE-2005-4532.json index 055748ba0d4..c581084162b 100644 --- a/2005/4xxx/CVE-2005-4532.json +++ b/2005/4xxx/CVE-2005-4532.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sublimation.org/scponly/#relnotes", - "refsource" : "CONFIRM", - "url" : "http://sublimation.org/scponly/#relnotes" - }, - { - "name" : "DSA-969", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-969" - }, - { - "name" : "GLSA-200512-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml" - }, - { - "name" : "16051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16051" - }, - { - "name" : "18223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18223" - }, - { - "name" : "18236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18236" - }, - { - "name" : "18829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18829" - }, - { - "name" : "scponly-scponlyc-privilege-escalation(23874)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18223" + }, + { + "name": "16051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16051" + }, + { + "name": "18236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18236" + }, + { + "name": "DSA-969", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-969" + }, + { + "name": "18829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18829" + }, + { + "name": "http://sublimation.org/scponly/#relnotes", + "refsource": "CONFIRM", + "url": "http://sublimation.org/scponly/#relnotes" + }, + { + "name": "GLSA-200512-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml" + }, + { + "name": "scponly-scponlyc-privilege-escalation(23874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23874" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4551.json b/2005/4xxx/CVE-2005-4551.json index 123e5b807a0..c6bc8806665 100644 --- a/2005/4xxx/CVE-2005-4551.json +++ b/2005/4xxx/CVE-2005-4551.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051223 html in simpbook", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113535570125766&w=2" - }, - { - "name" : "16053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16053" - }, - { - "name" : "16058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16058" - }, - { - "name" : "18256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051223 html in simpbook", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113535570125766&w=2" + }, + { + "name": "18256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18256" + }, + { + "name": "16053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16053" + }, + { + "name": "16058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16058" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4670.json b/2005/4xxx/CVE-2005-4670.json index a7c946fa68c..6cf5e432630 100644 --- a/2005/4xxx/CVE-2005-4670.json +++ b/2005/4xxx/CVE-2005-4670.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13255" - }, - { - "name" : "15676", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15676" - }, - { - "name" : "1013752", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013752" - }, - { - "name" : "15009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15009" - }, - { - "name" : "citypost-automated-link-exchange-message-xss(20167)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13255" + }, + { + "name": "1013752", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013752" + }, + { + "name": "citypost-automated-link-exchange-message-xss(20167)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20167" + }, + { + "name": "15676", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15676" + }, + { + "name": "15009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15009" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4865.json b/2005/4xxx/CVE-2005-4865.json index e02ee4b4dad..c032f48da4d 100644 --- a/2005/4xxx/CVE-2005-4865.json +++ b/2005/4xxx/CVE-2005-4865.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050105 IBM DB2 call buffer overflow (#NISR05012005C)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110495173031208&w=2" - }, - { - "name" : "http://www.nextgenss.com/advisories/db205012005C.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/db205012005C.txt" - }, - { - "name" : "IY62041", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY62041" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21181228", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21181228" - }, - { - "name" : "11399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11399" - }, - { - "name" : "12733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12733/" - }, - { - "name" : "db2-long-library-bo(17611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050105 IBM DB2 call buffer overflow (#NISR05012005C)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110495173031208&w=2" + }, + { + "name": "db2-long-library-bo(17611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17611" + }, + { + "name": "http://www.nextgenss.com/advisories/db205012005C.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/db205012005C.txt" + }, + { + "name": "IY62041", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY62041" + }, + { + "name": "11399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11399" + }, + { + "name": "12733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12733/" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21181228", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21181228" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2107.json b/2009/2xxx/CVE-2009-2107.json index 808b5f86995..c2d99d099db 100644 --- a/2009/2xxx/CVE-2009-2107.json +++ b/2009/2xxx/CVE-2009-2107.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Webmedia Explorer (webmex) 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the (1) search or (2) tag parameters; (3) arbitrary invalid parameter names that are not properly handled when triggered on a column; (4) bookmark parameter in an edit action; or (5) email parameter in a remember action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090612 [InterN0T] Webmedia Explorer - XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504307/100/0/threaded" - }, - { - "name" : "http://forum.intern0t.net/intern0t-advisories/1123-intern0t-webmedia-explorer-cross-site-scripting-vulnerability.html", - "refsource" : "MISC", - "url" : "http://forum.intern0t.net/intern0t-advisories/1123-intern0t-webmedia-explorer-cross-site-scripting-vulnerability.html" - }, - { - "name" : "35368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35368" - }, - { - "name" : "35477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Webmedia Explorer (webmex) 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the (1) search or (2) tag parameters; (3) arbitrary invalid parameter names that are not properly handled when triggered on a column; (4) bookmark parameter in an edit action; or (5) email parameter in a remember action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35368" + }, + { + "name": "20090612 [InterN0T] Webmedia Explorer - XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504307/100/0/threaded" + }, + { + "name": "35477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35477" + }, + { + "name": "http://forum.intern0t.net/intern0t-advisories/1123-intern0t-webmedia-explorer-cross-site-scripting-vulnerability.html", + "refsource": "MISC", + "url": "http://forum.intern0t.net/intern0t-advisories/1123-intern0t-webmedia-explorer-cross-site-scripting-vulnerability.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2162.json b/2009/2xxx/CVE-2009-2162.json index 4c59b74b848..9c7fc024122 100644 --- a/2009/2xxx/CVE-2009-2162.json +++ b/2009/2xxx/CVE-2009-2162.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xoops.hypweb.net/wiki/6005.html", - "refsource" : "CONFIRM", - "url" : "http://xoops.hypweb.net/wiki/6005.html" - }, - { - "name" : "JVN#12244807", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN12244807/index.html" - }, - { - "name" : "JVNDB-2009-000041", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000041.html" - }, - { - "name" : "55189", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55189" - }, - { - "name" : "35504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35504" - }, - { - "name" : "pukiwikimod-unspecified-xss(51260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#12244807", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN12244807/index.html" + }, + { + "name": "JVNDB-2009-000041", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000041.html" + }, + { + "name": "http://xoops.hypweb.net/wiki/6005.html", + "refsource": "CONFIRM", + "url": "http://xoops.hypweb.net/wiki/6005.html" + }, + { + "name": "35504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35504" + }, + { + "name": "pukiwikimod-unspecified-xss(51260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51260" + }, + { + "name": "55189", + "refsource": "OSVDB", + "url": "http://osvdb.org/55189" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2439.json b/2009/2xxx/CVE-2009-2439.json index d88da0b571b..ad360e4e571 100644 --- a/2009/2xxx/CVE-2009-2439.json +++ b/2009/2xxx/CVE-2009-2439.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt" - }, - { - "name" : "35741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35741" - }, - { - "name" : "ADV-2009-1838", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1838", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1838" + }, + { + "name": "35741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35741" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3464.json b/2009/3xxx/CVE-2009-3464.json index 113da653169..c124f870320 100644 --- a/2009/3xxx/CVE-2009-3464.json +++ b/2009/3xxx/CVE-2009-3464.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an \"invalid pointer vulnerability,\" a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-16.html" - }, - { - "name" : "36905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36905" - }, - { - "name" : "oval:org.mitre.oval:def:6394", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6394" - }, - { - "name" : "1023123", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023123" - }, - { - "name" : "ADV-2009-3134", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3134" - }, - { - "name" : "shockwave-pointer-code-execution(54119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an \"invalid pointer vulnerability,\" a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36905" + }, + { + "name": "shockwave-pointer-code-execution(54119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54119" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-16.html" + }, + { + "name": "oval:org.mitre.oval:def:6394", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6394" + }, + { + "name": "ADV-2009-3134", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3134" + }, + { + "name": "1023123", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023123" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3513.json b/2009/3xxx/CVE-2009-3513.json index b072c5a26cf..ced6a2b3d6a 100644 --- a/2009/3xxx/CVE-2009-3513.json +++ b/2009/3xxx/CVE-2009-3513.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/etraining-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/etraining-xss.txt" - }, - { - "name" : "35834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35834" - }, - { - "name" : "etraining-multiple-xss(52072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35834" + }, + { + "name": "etraining-multiple-xss(52072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52072" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/etraining-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/etraining-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3717.json b/2009/3xxx/CVE-2009-3717.json index 1937cb2b145..6d4eb0d6516 100644 --- a/2009/3xxx/CVE-2009-3717.json +++ b/2009/3xxx/CVE-2009-3717.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9102", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9102" - }, - { - "name" : "55746", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55746" - }, - { - "name" : "35756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35756" - }, - { - "name" : "ADV-2009-1860", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1860" - }, - { - "name" : "patplayer-m3u-bo(51624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1860", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1860" + }, + { + "name": "35756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35756" + }, + { + "name": "9102", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9102" + }, + { + "name": "55746", + "refsource": "OSVDB", + "url": "http://osvdb.org/55746" + }, + { + "name": "patplayer-m3u-bo(51624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51624" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3747.json b/2009/3xxx/CVE-2009-3747.json index 1f5035b0b6f..516cdd1a6f1 100644 --- a/2009/3xxx/CVE-2009-3747.json +++ b/2009/3xxx/CVE-2009-3747.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. NOTE: this was originally reported for tbmnet.php, but that program does not exist in the TBmnetCMS 1.0 distribution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0910-exploits/tbmnetcms-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0910-exploits/tbmnetcms-xss.txt" - }, - { - "name" : "36733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36733" - }, - { - "name" : "32462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32462" - }, - { - "name" : "tbmnetcms-tbmnet-xss(53828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. NOTE: this was originally reported for tbmnet.php, but that program does not exist in the TBmnetCMS 1.0 distribution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0910-exploits/tbmnetcms-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0910-exploits/tbmnetcms-xss.txt" + }, + { + "name": "tbmnetcms-tbmnet-xss(53828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53828" + }, + { + "name": "36733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36733" + }, + { + "name": "32462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32462" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4583.json b/2009/4xxx/CVE-2009-4583.json index 5e96559f1b6..406fc4a4288 100644 --- a/2009/4xxx/CVE-2009-4583.json +++ b/2009/4xxx/CVE-2009-4583.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/joomladhforum-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/joomladhforum-sql.txt" - }, - { - "name" : "10742", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10742" - }, - { - "name" : "37475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37475" - }, - { - "name" : "dhforum-id-sql-injection(55157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dhforum-id-sql-injection(55157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55157" + }, + { + "name": "10742", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10742" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/joomladhforum-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/joomladhforum-sql.txt" + }, + { + "name": "37475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37475" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4721.json b/2009/4xxx/CVE-2009-4721.json index e455672a804..0289bfe45ce 100644 --- a/2009/4xxx/CVE-2009-4721.json +++ b/2009/4xxx/CVE-2009-4721.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9328", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9328" - }, - { - "name" : "36135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36135" - }, - { - "name" : "ADV-2009-2122", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2122", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2122" + }, + { + "name": "36135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36135" + }, + { + "name": "9328", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9328" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4753.json b/2009/4xxx/CVE-2009-4753.json index 5cff78d609c..461ac1db4ef 100644 --- a/2009/4xxx/CVE-2009-4753.json +++ b/2009/4xxx/CVE-2009-4753.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090501 Addonics NAS Adapter FTP Remote Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503146/100/0/threaded" - }, - { - "name" : "8584", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8584" - }, - { - "name" : "34796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34796" - }, - { - "name" : "34965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34965" - }, - { - "name" : "nasadapter-ftp-dos(50289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8584", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8584" + }, + { + "name": "34796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34796" + }, + { + "name": "nasadapter-ftp-dos(50289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50289" + }, + { + "name": "34965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34965" + }, + { + "name": "20090501 Addonics NAS Adapter FTP Remote Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503146/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4966.json b/2009/4xxx/CVE-2009-4966.json index a874d0f08f9..3e5803cf1e2 100644 --- a/2009/4xxx/CVE-2009-4966.json +++ b/2009/4xxx/CVE-2009-4966.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/" - }, - { - "name" : "36135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36135" - }, - { - "name" : "ADV-2009-2411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2411" + }, + { + "name": "36135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36135" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0928.json b/2015/0xxx/CVE-2015-0928.json index 2b3591626fa..7a4c424d0fa 100644 --- a/2015/0xxx/CVE-2015-0928.json +++ b/2015/0xxx/CVE-2015-0928.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-0928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://redmine.openinfosecfoundation.org/issues/1272", - "refsource" : "MISC", - "url" : "https://redmine.openinfosecfoundation.org/issues/1272" - }, - { - "name" : "73117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://redmine.openinfosecfoundation.org/issues/1272", + "refsource": "MISC", + "url": "https://redmine.openinfosecfoundation.org/issues/1272" + }, + { + "name": "73117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73117" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0963.json b/2015/0xxx/CVE-2015-0963.json index 596ac5f4d25..47dc24445b6 100644 --- a/2015/0xxx/CVE-2015-0963.json +++ b/2015/0xxx/CVE-2015-0963.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0963", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0963", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1030.json b/2015/1xxx/CVE-2015-1030.json index 575f9a4090b..969d6dc16cb 100644 --- a/2015/1xxx/CVE-2015-1030.json +++ b/2015/1xxx/CVE-2015-1030.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/11/1" - }, - { - "name" : "http://www.privoxy.org/announce.txt", - "refsource" : "CONFIRM", - "url" : "http://www.privoxy.org/announce.txt" - }, - { - "name" : "62123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62123" + }, + { + "name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/11/1" + }, + { + "name": "http://www.privoxy.org/announce.txt", + "refsource": "CONFIRM", + "url": "http://www.privoxy.org/announce.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1094.json b/2015/1xxx/CVE-2015-1094.json index ce0326d39e4..4002a681322 100644 --- a/2015/1xxx/CVE-2015-1094.json +++ b/2015/1xxx/CVE-2015-1094.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204870", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204870" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "73983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73983" - }, - { - "name" : "1032050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT204870", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204870" + }, + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "73983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73983" + }, + { + "name": "1032050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032050" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1101.json b/2015/1xxx/CVE-2015-1101.json index 87a84c0aec3..af378c3f6fc 100644 --- a/2015/1xxx/CVE-2015-1101.json +++ b/2015/1xxx/CVE-2015-1101.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "https://support.apple.com/kb/HT204870", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT204870" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "https://support.apple.com/kb/HT204870", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT204870" + }, + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1326.json b/2015/1xxx/CVE-2015-1326.json index 2fcb5e67f1d..9c6d5bfb3c3 100644 --- a/2015/1xxx/CVE-2015-1326.json +++ b/2015/1xxx/CVE-2015-1326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1627.json b/2015/1xxx/CVE-2015-1627.json index ea283595c7c..c9021203d50 100644 --- a/2015/1xxx/CVE-2015-1627.json +++ b/2015/1xxx/CVE-2015-1627.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" - }, - { - "name" : "72932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72932" - }, - { - "name" : "1031888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" + }, + { + "name": "1031888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031888" + }, + { + "name": "72932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72932" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1829.json b/2015/1xxx/CVE-2015-1829.json index b0d5fdbca91..0e0a8008b2f 100644 --- a/2015/1xxx/CVE-2015-1829.json +++ b/2015/1xxx/CVE-2015-1829.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.apache.org/dist/apr/Announcement1.x.html", - "refsource" : "CONFIRM", - "url" : "http://www.apache.org/dist/apr/Announcement1.x.html" - }, - { - "name" : "75164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75164" - }, - { - "name" : "1032617", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "http://www.apache.org/dist/apr/Announcement1.x.html", + "refsource": "CONFIRM", + "url": "http://www.apache.org/dist/apr/Announcement1.x.html" + }, + { + "name": "1032617", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032617" + }, + { + "name": "75164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75164" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4069.json b/2015/4xxx/CVE-2015-4069.json index 2e27baeca71..9260d74d36d 100644 --- a/2015/4xxx/CVE-2015-4069.json +++ b/2015/4xxx/CVE-2015-4069.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-243/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-243/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-244/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-244/" - }, - { - "name" : "http://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html" - }, - { - "name" : "74838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74838" + }, + { + "name": "http://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-243/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-243/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-244/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-244/" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4567.json b/2015/4xxx/CVE-2015-4567.json index 60449aad9b5..705cc4c2a58 100644 --- a/2015/4xxx/CVE-2015-4567.json +++ b/2015/4xxx/CVE-2015-4567.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4567", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4567", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4612.json b/2015/4xxx/CVE-2015-4612.json index 98f1aa9ec6d..b44ea8611c7 100644 --- a/2015/4xxx/CVE-2015-4612.json +++ b/2015/4xxx/CVE-2015-4612.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the \"FAQ - Frequently Asked Questions\" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-012/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-012/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/js_faq", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/js_faq" - }, - { - "name" : "75256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the \"FAQ - Frequently Asked Questions\" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-012/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-012/" + }, + { + "name": "75256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75256" + }, + { + "name": "http://typo3.org/extensions/repository/view/js_faq", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/js_faq" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4633.json b/2015/4xxx/CVE-2015-4633.json index 93f9b313e3d..a0a29c81654 100644 --- a/2015/4xxx/CVE-2015-4633.json +++ b/2015/4xxx/CVE-2015-4633.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37387", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37387/" - }, - { - "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2015/Jun/80" - }, - { - "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html" - }, - { - "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", - "refsource" : "MISC", - "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/" - }, - { - "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412", - "refsource" : "CONFIRM", - "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412" - }, - { - "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426", - "refsource" : "CONFIRM", - "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426" - }, - { - "name" : "https://koha-community.org/koha-3-14-16-released/", - "refsource" : "CONFIRM", - "url" : "https://koha-community.org/koha-3-14-16-released/" - }, - { - "name" : "https://koha-community.org/security-release-koha-3-16-12/", - "refsource" : "CONFIRM", - "url" : "https://koha-community.org/security-release-koha-3-16-12/" - }, - { - "name" : "https://koha-community.org/security-release-koha-3-18-8/", - "refsource" : "CONFIRM", - "url" : "https://koha-community.org/security-release-koha-3-18-8/" - }, - { - "name" : "https://koha-community.org/security-release-koha-3-20-1/", - "refsource" : "CONFIRM", - "url" : "https://koha-community.org/security-release-koha-3-20-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426", + "refsource": "CONFIRM", + "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426" + }, + { + "name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html" + }, + { + "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412", + "refsource": "CONFIRM", + "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412" + }, + { + "name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", + "refsource": "MISC", + "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/" + }, + { + "name": "https://koha-community.org/security-release-koha-3-16-12/", + "refsource": "CONFIRM", + "url": "https://koha-community.org/security-release-koha-3-16-12/" + }, + { + "name": "37387", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37387/" + }, + { + "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2015/Jun/80" + }, + { + "name": "https://koha-community.org/security-release-koha-3-18-8/", + "refsource": "CONFIRM", + "url": "https://koha-community.org/security-release-koha-3-18-8/" + }, + { + "name": "https://koha-community.org/security-release-koha-3-20-1/", + "refsource": "CONFIRM", + "url": "https://koha-community.org/security-release-koha-3-20-1/" + }, + { + "name": "https://koha-community.org/koha-3-14-16-released/", + "refsource": "CONFIRM", + "url": "https://koha-community.org/koha-3-14-16-released/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5089.json b/2015/5xxx/CVE-2015-5089.json index cc32c323a90..f5310d5f834 100644 --- a/2015/5xxx/CVE-2015-5089.json +++ b/2015/5xxx/CVE-2015-5089.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, and CVE-2015-5092." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75742" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, and CVE-2015-5092." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75742" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5669.json b/2015/5xxx/CVE-2015-5669.json index 07fb185639f..a7cd3dc15ad 100644 --- a/2015/5xxx/CVE-2015-5669.json +++ b/2015/5xxx/CVE-2015-5669.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tpj.co.jp/enisys/resource.html", - "refsource" : "CONFIRM", - "url" : "http://www.tpj.co.jp/enisys/resource.html" - }, - { - "name" : "JVN#33179297", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN33179297/index.html" - }, - { - "name" : "JVNDB-2015-000168", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#33179297", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN33179297/index.html" + }, + { + "name": "http://www.tpj.co.jp/enisys/resource.html", + "refsource": "CONFIRM", + "url": "http://www.tpj.co.jp/enisys/resource.html" + }, + { + "name": "JVNDB-2015-000168", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000168" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2036.json b/2018/2xxx/CVE-2018-2036.json index 17e456fef00..9eedc9432ec 100644 --- a/2018/2xxx/CVE-2018-2036.json +++ b/2018/2xxx/CVE-2018-2036.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2036", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2036", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2955.json b/2018/2xxx/CVE-2018-2955.json index 56024539d81..fa20d96ee80 100644 --- a/2018/2xxx/CVE-2018-2955.json +++ b/2018/2xxx/CVE-2018-2955.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality OPERA 5 Property Services", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104809" - }, - { - "name" : "1041300", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104809" + }, + { + "name": "1041300", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041300" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3108.json b/2018/3xxx/CVE-2018-3108.json index bc5282a781a..3012725813b 100644 --- a/2018/3xxx/CVE-2018-3108.json +++ b/2018/3xxx/CVE-2018-3108.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fusion Middleware", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.2.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fusion Middleware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.2.1.2" + }, + { + "version_affected": "=", + "version_value": "12.2.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104819" - }, - { - "name" : "1041310", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104819" + }, + { + "name": "1041310", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041310" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3572.json b/2018/3xxx/CVE-2018-3572.json index 7bbc4714cbb..feb521134e2 100644 --- a/2018/3xxx/CVE-2018-3572.json +++ b/2018/3xxx/CVE-2018-3572.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2018-3572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction of Operations within the Bounds of a Memory Buffer in Audio" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2018-3572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in Audio" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3766.json b/2018/3xxx/CVE-2018-3766.json index f2551aa2ccb..f18e68f26d8 100644 --- a/2018/3xxx/CVE-2018-3766.json +++ b/2018/3xxx/CVE-2018-3766.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "buttle", - "version" : { - "version_data" : [ - { - "version_value" : "Not fixed" - } - ] - } - } - ] - }, - "vendor_name" : "https://github.com/jtrussell" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "buttle", + "version": { + "version_data": [ + { + "version_value": "Not fixed" + } + ] + } + } + ] + }, + "vendor_name": "https://github.com/jtrussell" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/358112", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/358112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/358112", + "refsource": "MISC", + "url": "https://hackerone.com/reports/358112" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3792.json b/2018/3xxx/CVE-2018-3792.json index f4ac4e0db97..411d27eec3a 100644 --- a/2018/3xxx/CVE-2018-3792.json +++ b/2018/3xxx/CVE-2018-3792.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3792", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3792", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6345.json b/2018/6xxx/CVE-2018-6345.json index 82606590614..7eb7d6a33a3 100644 --- a/2018/6xxx/CVE-2018-6345.json +++ b/2018/6xxx/CVE-2018-6345.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@fb.com", - "DATE_ASSIGNED" : "2018-12-11", - "ID" : "CVE-2018-6345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HHVM", - "version" : { - "version_data" : [ - { - "version_affected" : "!=>", - "version_value" : "3.30.2" - }, - { - "version_affected" : ">=", - "version_value" : "3.30.0" - }, - { - "version_affected" : "!=>", - "version_value" : "3.27.6" - }, - { - "version_affected" : "<", - "version_value" : "3.27.6" - } - ] - } - } - ] - }, - "vendor_name" : "Facebook" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap-based Buffer Overflow (CWE-122)" - } + "CVE_data_meta": { + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2018-12-11", + "ID": "CVE-2018-6345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HHVM", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "3.30.2" + }, + { + "version_affected": ">=", + "version_value": "3.30.0" + }, + { + "version_affected": "!=>", + "version_value": "3.27.6" + }, + { + "version_affected": "<", + "version_value": "3.27.6" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3", - "refsource" : "MISC", - "url" : "https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3" - }, - { - "name" : "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html", - "refsource" : "MISC", - "url" : "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3", + "refsource": "MISC", + "url": "https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3" + }, + { + "name": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html", + "refsource": "MISC", + "url": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6588.json b/2018/6xxx/CVE-2018-6588.json index 30f6cd60f26..fa50debf3de 100644 --- a/2018/6xxx/CVE-2018-6588.json +++ b/2018/6xxx/CVE-2018-6588.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vuln@ca.com", - "DATE_PUBLIC" : "2018-03-28T04:00:00.000Z", - "ID" : "CVE-2018-6588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CA API Developer Portal", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "3.5", - "version_value" : "3.5 CR6" - } - ] - } - } - ] - }, - "vendor_name" : "CA Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + "CVE_data_meta": { + "ASSIGNER": "vuln@ca.com", + "DATE_PUBLIC": "2018-03-28T04:00:00.000Z", + "ID": "CVE-2018-6588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CA API Developer Portal", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "3.5", + "version_value": "3.5 CR6" + } + ] + } + } + ] + }, + "vendor_name": "CA Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html" - }, - { - "name" : "1040603", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040603" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040603", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040603" + }, + { + "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html", + "refsource": "CONFIRM", + "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180328-01--security-notice-for-ca-api-developer-portal.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6824.json b/2018/6xxx/CVE-2018-6824.json index 8a65dfda5fc..63e8d15026d 100644 --- a/2018/6xxx/CVE-2018-6824.json +++ b/2018/6xxx/CVE-2018-6824.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:\"attacker@example.com\"' request, which can be followed by a password reset." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.lynxsecurity.io/releases/XSS%20to%20Account%20Takeover%20in%20Cozy%20Cloud.pdf", - "refsource" : "MISC", - "url" : "http://www.lynxsecurity.io/releases/XSS%20to%20Account%20Takeover%20in%20Cozy%20Cloud.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:\"attacker@example.com\"' request, which can be followed by a password reset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.lynxsecurity.io/releases/XSS%20to%20Account%20Takeover%20in%20Cozy%20Cloud.pdf", + "refsource": "MISC", + "url": "http://www.lynxsecurity.io/releases/XSS%20to%20Account%20Takeover%20in%20Cozy%20Cloud.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7902.json b/2018/7xxx/CVE-2018-7902.json index e59633a6eb3..5b2d68d7d3a 100644 --- a/2018/7xxx/CVE-2018-7902.json +++ b/2018/7xxx/CVE-2018-7902.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "1288H V5; 2288H V5", - "version" : { - "version_data" : [ - { - "version_value" : "V100R005C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "JSON injection" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1288H V5; 2288H V5", + "version": { + "version_data": [ + { + "version_value": "V100R005C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "JSON injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8360.json b/2018/8xxx/CVE-2018-8360.json index 6d39d466b82..1e2395e2395 100644 --- a/2018/8xxx/CVE-2018-8360.json +++ b/2018/8xxx/CVE-2018-8360.json @@ -1,276 +1,276 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft .NET Framework", - "version" : { - "version_data" : [ - { - "version_value" : "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "3.5 on Windows 10 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "3.5 on Windows Server 2012" - }, - { - "version_value" : "3.5 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2016" - }, - { - "version_value" : "3.5 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server, version 1709 (Server Core Installation)" - }, - { - "version_value" : "3.5 on Windows Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.5.2 on Windows RT 8.1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows Server 2012" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "4.7.2 on Windows Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka \".NET Framework Information Disclosure Vulnerability.\" This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework", + "version": { + "version_data": [ + { + "version_value": "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "3.5 on Windows 10 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "3.5 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "3.5 on Windows Server 2012" + }, + { + "version_value": "3.5 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2012 R2" + }, + { + "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2016" + }, + { + "version_value": "3.5 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)" + }, + { + "version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.5.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.5.2 on Windows RT 8.1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 2012" + }, + { + "version_value": "4.5.2 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 2012 R2" + }, + { + "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360" - }, - { - "name" : "104986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104986" - }, - { - "name" : "1041462", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka \".NET Framework Information Disclosure Vulnerability.\" This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041462", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041462" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360" + }, + { + "name": "104986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104986" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8537.json b/2018/8xxx/CVE-2018-8537.json index e89316b2760..01a4d448b0e 100644 --- a/2018/8xxx/CVE-2018-8537.json +++ b/2018/8xxx/CVE-2018-8537.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8537", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8537", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file