From 445086da4e3b065d3ee9fd501df03a11545d9d24 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:36:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0383.json | 150 ++++++------- 2005/0xxx/CVE-2005-0463.json | 160 +++++++------- 2005/0xxx/CVE-2005-0582.json | 140 ++++++------ 2005/0xxx/CVE-2005-0709.json | 260 +++++++++++----------- 2005/0xxx/CVE-2005-0913.json | 170 +++++++------- 2005/1xxx/CVE-2005-1217.json | 34 +-- 2005/1xxx/CVE-2005-1398.json | 180 +++++++-------- 2005/1xxx/CVE-2005-1689.json | 390 ++++++++++++++++----------------- 2005/1xxx/CVE-2005-1840.json | 150 ++++++------- 2005/3xxx/CVE-2005-3825.json | 160 +++++++------- 2005/4xxx/CVE-2005-4072.json | 150 ++++++------- 2005/4xxx/CVE-2005-4172.json | 180 +++++++-------- 2005/4xxx/CVE-2005-4625.json | 140 ++++++------ 2005/4xxx/CVE-2005-4755.json | 150 ++++++------- 2005/4xxx/CVE-2005-4769.json | 120 +++++----- 2005/4xxx/CVE-2005-4794.json | 230 +++++++++---------- 2009/0xxx/CVE-2009-0184.json | 160 +++++++------- 2009/0xxx/CVE-2009-0222.json | 210 +++++++++--------- 2009/0xxx/CVE-2009-0929.json | 160 +++++++------- 2009/0xxx/CVE-2009-0969.json | 150 ++++++------- 2009/1xxx/CVE-2009-1781.json | 140 ++++++------ 2009/1xxx/CVE-2009-1924.json | 140 ++++++------ 2009/3xxx/CVE-2009-3530.json | 140 ++++++------ 2009/3xxx/CVE-2009-3632.json | 170 +++++++------- 2009/3xxx/CVE-2009-3786.json | 240 ++++++++++---------- 2009/4xxx/CVE-2009-4070.json | 140 ++++++------ 2009/4xxx/CVE-2009-4072.json | 190 ++++++++-------- 2009/4xxx/CVE-2009-4081.json | 130 +++++------ 2009/4xxx/CVE-2009-4102.json | 200 ++++++++--------- 2009/4xxx/CVE-2009-4331.json | 210 +++++++++--------- 2009/4xxx/CVE-2009-4806.json | 150 ++++++------- 2009/4xxx/CVE-2009-4815.json | 160 +++++++------- 2012/2xxx/CVE-2012-2087.json | 34 +-- 2012/2xxx/CVE-2012-2519.json | 160 +++++++------- 2012/2xxx/CVE-2012-2835.json | 34 +-- 2012/6xxx/CVE-2012-6389.json | 34 +-- 2012/6xxx/CVE-2012-6471.json | 130 +++++------ 2012/6xxx/CVE-2012-6569.json | 120 +++++----- 2012/6xxx/CVE-2012-6625.json | 150 ++++++------- 2015/1xxx/CVE-2015-1435.json | 170 +++++++------- 2015/1xxx/CVE-2015-1452.json | 160 +++++++------- 2015/1xxx/CVE-2015-1513.json | 130 +++++------ 2015/1xxx/CVE-2015-1609.json | 170 +++++++------- 2015/1xxx/CVE-2015-1681.json | 140 ++++++------ 2015/5xxx/CVE-2015-5102.json | 140 ++++++------ 2015/5xxx/CVE-2015-5160.json | 160 +++++++------- 2015/5xxx/CVE-2015-5491.json | 140 ++++++------ 2015/5xxx/CVE-2015-5849.json | 140 ++++++------ 2018/11xxx/CVE-2018-11001.json | 34 +-- 2018/11xxx/CVE-2018-11174.json | 140 ++++++------ 2018/11xxx/CVE-2018-11444.json | 130 +++++------ 2018/11xxx/CVE-2018-11712.json | 140 ++++++------ 2018/11xxx/CVE-2018-11850.json | 120 +++++----- 2018/15xxx/CVE-2018-15576.json | 130 +++++------ 2018/3xxx/CVE-2018-3017.json | 198 ++++++++--------- 2018/3xxx/CVE-2018-3427.json | 34 +-- 2018/3xxx/CVE-2018-3589.json | 132 +++++------ 2018/3xxx/CVE-2018-3599.json | 122 +++++------ 2018/7xxx/CVE-2018-7529.json | 130 +++++------ 2018/8xxx/CVE-2018-8365.json | 34 +-- 60 files changed, 4405 insertions(+), 4405 deletions(-) diff --git a/2005/0xxx/CVE-2005-0383.json b/2005/0xxx/CVE-2005-0383.json index 3ae5d6c8add..ffbbc5767c2 100644 --- a/2005/0xxx/CVE-2005-0383.json +++ b/2005/0xxx/CVE-2005-0383.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050113 Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110564369316593&w=2" - }, - { - "name" : "20050113 Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110565281205427&w=2" - }, - { - "name" : "http://www.cirt.dk/advisories/cirt-28-advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.cirt.dk/advisories/cirt-28-advisory.pdf" - }, - { - "name" : "control-manager-replay-attack(18887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050113 Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110564369316593&w=2" + }, + { + "name": "http://www.cirt.dk/advisories/cirt-28-advisory.pdf", + "refsource": "MISC", + "url": "http://www.cirt.dk/advisories/cirt-28-advisory.pdf" + }, + { + "name": "control-manager-replay-attack(18887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18887" + }, + { + "name": "20050113 Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110565281205427&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0463.json b/2005/0xxx/CVE-2005-0463.json index 63e26158a92..f0722b30128 100644 --- a/2005/0xxx/CVE-2005-0463.json +++ b/2005/0xxx/CVE-2005-0463.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown \"major security flaws\" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.inl.fr/article.php3?id_article=7", - "refsource" : "CONFIRM", - "url" : "http://www.inl.fr/article.php3?id_article=7" - }, - { - "name" : "12610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12610" - }, - { - "name" : "13853", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13853" - }, - { - "name" : "1013220", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013220" - }, - { - "name" : "14321", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown \"major security flaws\" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12610" + }, + { + "name": "14321", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14321" + }, + { + "name": "http://www.inl.fr/article.php3?id_article=7", + "refsource": "CONFIRM", + "url": "http://www.inl.fr/article.php3?id_article=7" + }, + { + "name": "1013220", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013220" + }, + { + "name": "13853", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13853" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0582.json b/2005/0xxx/CVE-2005-0582.json index 0ee4d1e0266..971e633a164 100644 --- a/2005/0xxx/CVE-2005-0582.json +++ b/2005/0xxx/CVE-2005-0582.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050302 Computer Associates License Client PUTOLF Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=211&type=vulnerabilities" - }, - { - "name" : "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp" - }, - { - "name" : "20050302 License Patches Are Now Available To Address Buffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110979326828704&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050302 License Patches Are Now Available To Address Buffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110979326828704&w=2" + }, + { + "name": "20050302 Computer Associates License Client PUTOLF Buffer Overflow", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=211&type=vulnerabilities" + }, + { + "name": "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0709.json b/2005/0xxx/CVE-2005-0709.json index 487ce5bc916..1c7d641f09a 100644 --- a/2005/0xxx/CVE-2005-0709.json +++ b/2005/0xxx/CVE-2005-0709.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050310 Mysql CREATE FUNCTION libc arbitrary code execution.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111066115808506&w=2" - }, - { - "name" : "20050310 Mysql CREATE FUNCTION libc arbitrary code execution.", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "DSA-707", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-707" - }, - { - "name" : "GLSA-200503-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml" - }, - { - "name" : "MDKSA-2005:060", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:060" - }, - { - "name" : "RHSA-2005:334", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-334.html" - }, - { - "name" : "RHSA-2005:348", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-348.html" - }, - { - "name" : "101864", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1" - }, - { - "name" : "SUSE-SA:2005:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_19_mysql.html" - }, - { - "name" : "2005-0009", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0009/" - }, - { - "name" : "USN-96-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/96-1/" - }, - { - "name" : "12781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12781" - }, - { - "name" : "oval:org.mitre.oval:def:10479", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2005-0009", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0009/" + }, + { + "name": "DSA-707", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-707" + }, + { + "name": "20050310 Mysql CREATE FUNCTION libc arbitrary code execution.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111066115808506&w=2" + }, + { + "name": "20050310 Mysql CREATE FUNCTION libc arbitrary code execution.", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html" + }, + { + "name": "RHSA-2005:334", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-334.html" + }, + { + "name": "101864", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1" + }, + { + "name": "SUSE-SA:2005:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_19_mysql.html" + }, + { + "name": "USN-96-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/96-1/" + }, + { + "name": "RHSA-2005:348", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-348.html" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "MDKSA-2005:060", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:060" + }, + { + "name": "GLSA-200503-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml" + }, + { + "name": "oval:org.mitre.oval:def:10479", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10479" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "12781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12781" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0913.json b/2005/0xxx/CVE-2005-0913.json index fdf6294577a..b5ecdc98d0e 100644 --- a/2005/0xxx/CVE-2005-0913.json +++ b/2005/0xxx/CVE-2005-0913.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200503-35", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200503-35.xml" - }, - { - "name" : "http://news.php.net/php.smarty.dev/2673", - "refsource" : "CONFIRM", - "url" : "http://news.php.net/php.smarty.dev/2673" - }, - { - "name" : "12941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12941" - }, - { - "name" : "1013556", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013556" - }, - { - "name" : "14729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14729/" - }, - { - "name" : "smarty-regexreplace-security-bpass(19880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14729/" + }, + { + "name": "12941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12941" + }, + { + "name": "http://news.php.net/php.smarty.dev/2673", + "refsource": "CONFIRM", + "url": "http://news.php.net/php.smarty.dev/2673" + }, + { + "name": "GLSA-200503-35", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200503-35.xml" + }, + { + "name": "smarty-regexreplace-security-bpass(19880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19880" + }, + { + "name": "1013556", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013556" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1217.json b/2005/1xxx/CVE-2005-1217.json index acae9d8fdd0..a69139f7a06 100644 --- a/2005/1xxx/CVE-2005-1217.json +++ b/2005/1xxx/CVE-2005-1217.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1217", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1217", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1398.json b/2005/1xxx/CVE-2005-1398.json index 35317cead93..797f28e9cfe 100644 --- a/2005/1xxx/CVE-2005-1398.json +++ b/2005/1xxx/CVE-2005-1398.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080828 XSS and Data Manipulation attacks found in CMS PHPCart.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495806/100/0/threaded" - }, - { - "name" : "http://lostmon.blogspot.com/2005/04/phpcart-price-manipulation.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/04/phpcart-price-manipulation.html" - }, - { - "name" : "13406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13406" - }, - { - "name" : "30887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30887" - }, - { - "name" : "15859", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15859" - }, - { - "name" : "15147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15147" - }, - { - "name" : "phpcart-phpcart-data-manipulation(44766)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080828 XSS and Data Manipulation attacks found in CMS PHPCart.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495806/100/0/threaded" + }, + { + "name": "phpcart-phpcart-data-manipulation(44766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44766" + }, + { + "name": "13406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13406" + }, + { + "name": "15147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15147" + }, + { + "name": "http://lostmon.blogspot.com/2005/04/phpcart-price-manipulation.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/04/phpcart-price-manipulation.html" + }, + { + "name": "30887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30887" + }, + { + "name": "15859", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15859" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1689.json b/2005/1xxx/CVE-2005-1689.json index d9feaaac73f..fbc324f80a1 100644 --- a/2005/1xxx/CVE-2005-1689.json +++ b/2005/1xxx/CVE-2005-1689.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050712 MITKRB5-SA-2005-003: double-free in krb5_recvauth", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112119974704542&w=2" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "CLA-2005:993", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000993" - }, - { - "name" : "DSA-757", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-757" - }, - { - "name" : "GLSA-200507-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200507-11.xml" - }, - { - "name" : "HPSBUX02152", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446940/100/0/threaded" - }, - { - "name" : "SSRT5973", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446940/100/0/threaded" - }, - { - "name" : "RHSA-2005:562", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-562.html" - }, - { - "name" : "RHSA-2005:567", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-567.html" - }, - { - "name" : "20050703-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc" - }, - { - "name" : "101810", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1" - }, - { - "name" : "SUSE-SR:2005:017", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_17_sr.html" - }, - { - "name" : "TLSA-2005-78", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt" - }, - { - "name" : "2005-0036", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0036" - }, - { - "name" : "USN-224-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/224-1/" - }, - { - "name" : "VU#623332", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/623332" - }, - { - "name" : "14239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14239" - }, - { - "name" : "oval:org.mitre.oval:def:9819", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9819" - }, - { - "name" : "ADV-2005-1066", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1066" - }, - { - "name" : "ADV-2006-3776", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3776" - }, - { - "name" : "1014461", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014461" - }, - { - "name" : "16041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16041" - }, - { - "name" : "17899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17899" - }, - { - "name" : "17135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17135" - }, - { - "name" : "22090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22090" - }, - { - "name" : "kerberos-kdc-krb5recvauth-execute-code(21055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014461", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014461" + }, + { + "name": "HPSBUX02152", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446940/100/0/threaded" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt" + }, + { + "name": "GLSA-200507-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200507-11.xml" + }, + { + "name": "RHSA-2005:567", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-567.html" + }, + { + "name": "SUSE-SR:2005:017", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_17_sr.html" + }, + { + "name": "kerberos-kdc-krb5recvauth-execute-code(21055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21055" + }, + { + "name": "101810", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1" + }, + { + "name": "CLA-2005:993", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000993" + }, + { + "name": "RHSA-2005:562", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-562.html" + }, + { + "name": "ADV-2006-3776", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3776" + }, + { + "name": "TLSA-2005-78", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt" + }, + { + "name": "SSRT5973", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446940/100/0/threaded" + }, + { + "name": "14239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14239" + }, + { + "name": "20050703-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc" + }, + { + "name": "16041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16041" + }, + { + "name": "USN-224-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/224-1/" + }, + { + "name": "22090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22090" + }, + { + "name": "DSA-757", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-757" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "17135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17135" + }, + { + "name": "VU#623332", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/623332" + }, + { + "name": "oval:org.mitre.oval:def:9819", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9819" + }, + { + "name": "20050712 MITKRB5-SA-2005-003: double-free in krb5_recvauth", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112119974704542&w=2" + }, + { + "name": "17899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17899" + }, + { + "name": "ADV-2005-1066", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1066" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "2005-0036", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0036" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1840.json b/2005/1xxx/CVE-2005-1840.json index c80e544efa6..9757baba74e 100644 --- a/2005/1xxx/CVE-2005-1840.json +++ b/2005/1xxx/CVE-2005-1840.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050602 SEC-CONSULT SA20050602-1 :: Arbitrary File Inclusion in phpCMS 1.2.x", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111773774916907&w=2" - }, - { - "name" : "http://www.phpcms.de/download/index.en.html", - "refsource" : "CONFIRM", - "url" : "http://www.phpcms.de/download/index.en.html" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/phpcms/phpcms/parser/include/class.layout_phpcms.php?rev=1.12.2.37&view=markup", - "refsource" : "MISC", - "url" : "http://cvs.sourceforge.net/viewcvs.py/phpcms/phpcms/parser/include/class.layout_phpcms.php?rev=1.12.2.37&view=markup" - }, - { - "name" : "15586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvs.sourceforge.net/viewcvs.py/phpcms/phpcms/parser/include/class.layout_phpcms.php?rev=1.12.2.37&view=markup", + "refsource": "MISC", + "url": "http://cvs.sourceforge.net/viewcvs.py/phpcms/phpcms/parser/include/class.layout_phpcms.php?rev=1.12.2.37&view=markup" + }, + { + "name": "http://www.phpcms.de/download/index.en.html", + "refsource": "CONFIRM", + "url": "http://www.phpcms.de/download/index.en.html" + }, + { + "name": "20050602 SEC-CONSULT SA20050602-1 :: Arbitrary File Inclusion in phpCMS 1.2.x", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111773774916907&w=2" + }, + { + "name": "15586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15586" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3825.json b/2005/3xxx/CVE-2005-3825.json index 568e6036895..8973439dc15 100644 --- a/2005/3xxx/CVE-2005-3825.json +++ b/2005/3xxx/CVE-2005-3825.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/vote-caster-3x-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/vote-caster-3x-sql-inj-vuln.html" - }, - { - "name" : "15563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15563" - }, - { - "name" : "ADV-2005-2573", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2573" - }, - { - "name" : "21087", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21087" - }, - { - "name" : "17672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17672" + }, + { + "name": "ADV-2005-2573", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2573" + }, + { + "name": "15563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15563" + }, + { + "name": "21087", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21087" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/vote-caster-3x-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/vote-caster-3x-sql-inj-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4072.json b/2005/4xxx/CVE-2005-4072.json index 20b18be0eaf..cdb45c02bd3 100644 --- a/2005/4xxx/CVE-2005-4072.json +++ b/2005/4xxx/CVE-2005-4072.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the \"Search For:\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html" - }, - { - "name" : "15774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15774" - }, - { - "name" : "ADV-2005-2794", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2794" - }, - { - "name" : "17935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the \"Search For:\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2794", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2794" + }, + { + "name": "17935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17935" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/magic-forum-personal-sqlxss-vuln.html" + }, + { + "name": "15774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15774" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4172.json b/2005/4xxx/CVE-2005-4172.json index 4c904f03d1b..ba68ca4931b 100644 --- a/2005/4xxx/CVE-2005-4172.json +++ b/2005/4xxx/CVE-2005-4172.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051125 eFiction <= 2.0 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html" - }, - { - "name" : "http://rgod.altervista.org/efiction2_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/efiction2_xpl.html" - }, - { - "name" : "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555", - "refsource" : "CONFIRM", - "url" : "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555" - }, - { - "name" : "15568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15568" - }, - { - "name" : "21125", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21125" - }, - { - "name" : "1015273", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015273" - }, - { - "name" : "17777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555", + "refsource": "CONFIRM", + "url": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555" + }, + { + "name": "21125", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21125" + }, + { + "name": "15568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15568" + }, + { + "name": "http://rgod.altervista.org/efiction2_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/efiction2_xpl.html" + }, + { + "name": "17777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17777" + }, + { + "name": "1015273", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015273" + }, + { + "name": "20051125 eFiction <= 2.0 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4625.json b/2005/4xxx/CVE-2005-4625.json index 2f399054924..ffc803c2c3b 100644 --- a/2005/4xxx/CVE-2005-4625.json +++ b/2005/4xxx/CVE-2005-4625.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051231 Dumb IE6/XP denial of service found on the web", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420847/100/0/threaded" - }, - { - "name" : "20060105 RE: Dumb IE6/XP denial of service found on the web", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420947/100/0/threaded" - }, - { - "name" : "20060105 Re: Dumb IE6/XP denial of service found on the web", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420930/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051231 Dumb IE6/XP denial of service found on the web", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420847/100/0/threaded" + }, + { + "name": "20060105 RE: Dumb IE6/XP denial of service found on the web", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420947/100/0/threaded" + }, + { + "name": "20060105 Re: Dumb IE6/XP denial of service found on the web", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420930/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4755.json b/2005/4xxx/CVE-2005-4755.json index d6258d22529..f4c043469f6 100644 --- a/2005/4xxx/CVE-2005-4755.json +++ b/2005/4xxx/CVE-2005-4755.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-91.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/145" - }, - { - "name" : "BEA05-96.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/150" - }, - { - "name" : "15052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15052" - }, - { - "name" : "17138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA05-91.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/145" + }, + { + "name": "BEA05-96.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/150" + }, + { + "name": "15052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15052" + }, + { + "name": "17138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17138" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4769.json b/2005/4xxx/CVE-2005-4769.json index 1e63c26dcdf..1d18ae8cbcf 100644 --- a/2005/4xxx/CVE-2005-4769.json +++ b/2005/4xxx/CVE-2005-4769.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15254" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4794.json b/2005/4xxx/CVE-2005-4794.json index c00ba59844b..b47db649e1a 100644 --- a/2005/4xxx/CVE-2005-4794.json +++ b/2005/4xxx/CVE-2005-4794.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html" - }, - { - "name" : "20050524 Crafted DNS Packet Can Cause Denial Of Service", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml" - }, - { - "name" : "13729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13729" - }, - { - "name" : "19003", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19003" - }, - { - "name" : "1014043", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014043" - }, - { - "name" : "1014044", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014044" - }, - { - "name" : "1014045", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014045" - }, - { - "name" : "1014046", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014046" - }, - { - "name" : "1015975", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015975" - }, - { - "name" : "15472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15472" - }, - { - "name" : "cisco-dns-dos(20712)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-dns-dos(20712)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20712" + }, + { + "name": "1014044", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014044" + }, + { + "name": "1014043", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014043" + }, + { + "name": "13729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13729" + }, + { + "name": "15472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15472" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en" + }, + { + "name": "1014046", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014046" + }, + { + "name": "19003", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19003" + }, + { + "name": "1015975", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015975" + }, + { + "name": "20050524 Crafted DNS Packet Can Cause Denial Of Service", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml" + }, + { + "name": "1014045", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014045" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0184.json b/2009/0xxx/CVE-2009-0184.json index 0d69fbb7130..fc955caf07a 100644 --- a/2009/0xxx/CVE-2009-0184.json +++ b/2009/0xxx/CVE-2009-0184.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-0184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090202 Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500605/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-5/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-5/" - }, - { - "name" : "33555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33555" - }, - { - "name" : "ADV-2009-0302", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0302" - }, - { - "name" : "33524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33555" + }, + { + "name": "33524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33524" + }, + { + "name": "20090202 Secunia Research: Free Download Manager Torrent Parsing Buffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500605/100/0/threaded" + }, + { + "name": "ADV-2009-0302", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0302" + }, + { + "name": "http://secunia.com/secunia_research/2009-5/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-5/" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0222.json b/2009/0xxx/CVE-2009-0222.json index d13c8d2b4e6..d7247b79278 100644 --- a/2009/0xxx/CVE-2009-0222.json +++ b/2009/0xxx/CVE-2009-0222.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a \"pointer overwrite\" and memory corruption, aka \"Legacy File Format Vulnerability,\" a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vupen.com/exploits/Microsoft_PowerPoint_Memory_Corruption_Code_Execution_Exploit_MS09_017_1290124.php", - "refsource" : "MISC", - "url" : "http://www.vupen.com/exploits/Microsoft_PowerPoint_Memory_Corruption_Code_Execution_Exploit_MS09_017_1290124.php" - }, - { - "name" : "http://www.vupen.com/exploits/Microsoft_PowerPoint_Pointer_Overwrite_Code_Execution_Exploit_MS09_017_1290123.php", - "refsource" : "MISC", - "url" : "http://www.vupen.com/exploits/Microsoft_PowerPoint_Pointer_Overwrite_Code_Execution_Exploit_MS09_017_1290123.php" - }, - { - "name" : "MS09-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" - }, - { - "name" : "TA09-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" - }, - { - "name" : "34831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34831" - }, - { - "name" : "54382", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54382" - }, - { - "name" : "oval:org.mitre.oval:def:6143", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6143" - }, - { - "name" : "1022205", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022205" - }, - { - "name" : "32428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32428" - }, - { - "name" : "ADV-2009-1290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a \"pointer overwrite\" and memory corruption, aka \"Legacy File Format Vulnerability,\" a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vupen.com/exploits/Microsoft_PowerPoint_Pointer_Overwrite_Code_Execution_Exploit_MS09_017_1290123.php", + "refsource": "MISC", + "url": "http://www.vupen.com/exploits/Microsoft_PowerPoint_Pointer_Overwrite_Code_Execution_Exploit_MS09_017_1290123.php" + }, + { + "name": "34831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34831" + }, + { + "name": "32428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32428" + }, + { + "name": "ADV-2009-1290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1290" + }, + { + "name": "MS09-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" + }, + { + "name": "oval:org.mitre.oval:def:6143", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6143" + }, + { + "name": "1022205", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022205" + }, + { + "name": "TA09-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" + }, + { + "name": "54382", + "refsource": "OSVDB", + "url": "http://osvdb.org/54382" + }, + { + "name": "http://www.vupen.com/exploits/Microsoft_PowerPoint_Memory_Corruption_Code_Execution_Exploit_MS09_017_1290124.php", + "refsource": "MISC", + "url": "http://www.vupen.com/exploits/Microsoft_PowerPoint_Memory_Corruption_Code_Execution_Exploit_MS09_017_1290124.php" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0929.json b/2009/0xxx/CVE-2009-0929.json index 5d903f5b005..158818c34eb 100644 --- a/2009/0xxx/CVE-2009-0929.json +++ b/2009/0xxx/CVE-2009-0929.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the media manager in Nucleus CMS before 3.40 allows remote attackers to read arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nucleuscms.org/index.php/item/index.php/item/3051", - "refsource" : "CONFIRM", - "url" : "http://www.nucleuscms.org/index.php/item/index.php/item/3051" - }, - { - "name" : "34040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34040" - }, - { - "name" : "34180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34180" - }, - { - "name" : "ADV-2009-0637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0637" - }, - { - "name" : "nucleuscms-mediamanager-directory-traversal(49142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the media manager in Nucleus CMS before 3.40 allows remote attackers to read arbitrary files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nucleuscms-mediamanager-directory-traversal(49142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49142" + }, + { + "name": "ADV-2009-0637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0637" + }, + { + "name": "http://www.nucleuscms.org/index.php/item/index.php/item/3051", + "refsource": "CONFIRM", + "url": "http://www.nucleuscms.org/index.php/item/index.php/item/3051" + }, + { + "name": "34180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34180" + }, + { + "name": "34040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34040" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0969.json b/2009/0xxx/CVE-2009-0969.json index 822a389e11e..f306fbcdadf 100644 --- a/2009/0xxx/CVE-2009-0969.json +++ b/2009/0xxx/CVE-2009-0969.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt" - }, - { - "name" : "52770", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52770" - }, - { - "name" : "34333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34333" - }, - { - "name" : "phpfox-email-account-csrf(49288)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote attackers to hijack the authentication of administrators for requests that change the email address via the act[update] action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52770", + "refsource": "OSVDB", + "url": "http://osvdb.org/52770" + }, + { + "name": "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0903-exploits/phpfox1621-xsrf.txt" + }, + { + "name": "34333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34333" + }, + { + "name": "phpfox-email-account-csrf(49288)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49288" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1781.json b/2009/1xxx/CVE-2009-1781.json index 5021744677b..10d14f759bf 100644 --- a/2009/1xxx/CVE-2009-1781.json +++ b/2009/1xxx/CVE-2009-1781.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8658", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8658" - }, - { - "name" : "34909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34909" - }, - { - "name" : "ADV-2009-1287", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1287", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1287" + }, + { + "name": "34909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34909" + }, + { + "name": "8658", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8658" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1924.json b/2009/1xxx/CVE-2009-1924.json index 660b7756689..0a34198db59 100644 --- a/2009/1xxx/CVE-2009-1924.json +++ b/2009/1xxx/CVE-2009-1924.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka \"WINS Integer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-039" - }, - { - "name" : "TA09-223A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6354", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka \"WINS Integer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA09-223A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" + }, + { + "name": "oval:org.mitre.oval:def:6354", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6354" + }, + { + "name": "MS09-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-039" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3530.json b/2009/3xxx/CVE-2009-3530.json index 5de49ef786a..2e97f423f2b 100644 --- a/2009/3xxx/CVE-2009-3530.json +++ b/2009/3xxx/CVE-2009-3530.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9194", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9194" - }, - { - "name" : "35827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35827" - }, - { - "name" : "radbids-storefront-xss(51837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35827" + }, + { + "name": "radbids-storefront-xss(51837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51837" + }, + { + "name": "9194", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9194" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3632.json b/2009/3xxx/CVE-2009-3632.json index ab89f77d93f..e639cbaa9a5 100644 --- a/2009/3xxx/CVE-2009-3632.json +++ b/2009/3xxx/CVE-2009-3632.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091023 Re: CVE id request: typo3", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125632856206736&w=2" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/" - }, - { - "name" : "36801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36801" - }, - { - "name" : "37122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37122" - }, - { - "name" : "ADV-2009-3009", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3009" - }, - { - "name" : "typo3-editing-sql-injection(53924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-editing-sql-injection(53924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53924" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/" + }, + { + "name": "37122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37122" + }, + { + "name": "[oss-security] 20091023 Re: CVE id request: typo3", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125632856206736&w=2" + }, + { + "name": "ADV-2009-3009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3009" + }, + { + "name": "36801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36801" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3786.json b/2009/3xxx/CVE-2009-3786.json index a08a2148278..b2b0d5ad8b0 100644 --- a/2009/3xxx/CVE-2009-3786.json +++ b/2009/3xxx/CVE-2009-3786.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/605094", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/605094" - }, - { - "name" : "http://drupal.org/node/610948", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/610948" - }, - { - "name" : "http://drupal.org/node/621960", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/621960" - }, - { - "name" : "http://drupal.org/node/623674", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/623674" - }, - { - "name" : "36784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36784" - }, - { - "name" : "36929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36929" - }, - { - "name" : "59129", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59129" - }, - { - "name" : "59673", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59673" - }, - { - "name" : "37125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37125" - }, - { - "name" : "37290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37290" - }, - { - "name" : "ADV-2009-3000", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3000" - }, - { - "name" : "ogvocabulary-title-xss(53902)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53902" - }, - { - "name" : "organic-vocabulary-titles-xss(54150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/605094", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/605094" + }, + { + "name": "http://drupal.org/node/610948", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/610948" + }, + { + "name": "59129", + "refsource": "OSVDB", + "url": "http://osvdb.org/59129" + }, + { + "name": "http://drupal.org/node/623674", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/623674" + }, + { + "name": "http://drupal.org/node/621960", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/621960" + }, + { + "name": "37125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37125" + }, + { + "name": "37290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37290" + }, + { + "name": "ogvocabulary-title-xss(53902)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53902" + }, + { + "name": "organic-vocabulary-titles-xss(54150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54150" + }, + { + "name": "36784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36784" + }, + { + "name": "36929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36929" + }, + { + "name": "59673", + "refsource": "OSVDB", + "url": "http://osvdb.org/59673" + }, + { + "name": "ADV-2009-3000", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3000" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4070.json b/2009/4xxx/CVE-2009-4070.json index 804ae6f3ae6..dac1df9d842 100644 --- a/2009/4xxx/CVE-2009-4070.json +++ b/2009/4xxx/CVE-2009-4070.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1818", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1818" - }, - { - "name" : "35424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35424" - }, - { - "name" : "35458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1818" + }, + { + "name": "35458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35458" + }, + { + "name": "35424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35424" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4072.json b/2009/4xxx/CVE-2009-4072.json index 3b138e214e1..244e9c47ac9 100644 --- a/2009/4xxx/CVE-2009-4072.json +++ b/2009/4xxx/CVE-2009-4072.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a \"moderately severe issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1010/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1010/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1010/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1010/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1010/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1010/" - }, - { - "name" : "37089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37089" - }, - { - "name" : "60528", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60528" - }, - { - "name" : "oval:org.mitre.oval:def:6543", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6543" - }, - { - "name" : "37469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37469" - }, - { - "name" : "ADV-2009-3297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a \"moderately severe issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/unix/1010/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1010/" + }, + { + "name": "37089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37089" + }, + { + "name": "37469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37469" + }, + { + "name": "60528", + "refsource": "OSVDB", + "url": "http://osvdb.org/60528" + }, + { + "name": "oval:org.mitre.oval:def:6543", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6543" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1010/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1010/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1010/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1010/" + }, + { + "name": "ADV-2009-3297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3297" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4081.json b/2009/4xxx/CVE-2009-4081.json index 6349d8e480d..4b989f65889 100644 --- a/2009/4xxx/CVE-2009-4081.json +++ b/2009/4xxx/CVE-2009-4081.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=293497", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=293497" - }, - { - "name" : "MDVSA-2009:341", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:341", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:341" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=293497", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=293497" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4102.json b/2009/4xxx/CVE-2009-4102.json index 46067ce9090..44d879833b1 100644 --- a/2009/4xxx/CVE-2009-4102.json +++ b/2009/4xxx/CVE-2009-4102.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.mozillazine.org/viewtopic.php?f=48&t=1603515&start=0", - "refsource" : "MISC", - "url" : "http://forums.mozillazine.org/viewtopic.php?f=48&t=1603515&start=0" - }, - { - "name" : "http://www.net-security.org/secworld.php?id=8527", - "refsource" : "MISC", - "url" : "http://www.net-security.org/secworld.php?id=8527" - }, - { - "name" : "DSA-1951", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1951" - }, - { - "name" : "JVN#99203127", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN99203127/index.html" - }, - { - "name" : "JVNDB-2011-000070", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000070" - }, - { - "name" : "37120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37120" - }, - { - "name" : "37466", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37466" - }, - { - "name" : "ADV-2009-3324", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3324" - }, - { - "name" : "sage-description-xss(54396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#99203127", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN99203127/index.html" + }, + { + "name": "37466", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37466" + }, + { + "name": "37120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37120" + }, + { + "name": "http://forums.mozillazine.org/viewtopic.php?f=48&t=1603515&start=0", + "refsource": "MISC", + "url": "http://forums.mozillazine.org/viewtopic.php?f=48&t=1603515&start=0" + }, + { + "name": "ADV-2009-3324", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3324" + }, + { + "name": "sage-description-xss(54396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54396" + }, + { + "name": "JVNDB-2011-000070", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000070" + }, + { + "name": "http://www.net-security.org/secworld.php?id=8527", + "refsource": "MISC", + "url": "http://www.net-security.org/secworld.php?id=8527" + }, + { + "name": "DSA-1951", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1951" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4331.json b/2009/4xxx/CVE-2009-4331.json index d2142e31b05..72dd71d67ae 100644 --- a/2009/4xxx/CVE-2009-4331.json +++ b/2009/4xxx/CVE-2009-4331.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" - }, - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "IC63581", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63581" - }, - { - "name" : "IC63959", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63959" - }, - { - "name" : "37332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37332" - }, - { - "name" : "37759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37759" - }, - { - "name" : "ADV-2009-3520", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IC63959", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63959" + }, + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" + }, + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" + }, + { + "name": "ADV-2009-3520", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3520" + }, + { + "name": "37332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37332" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" + }, + { + "name": "37759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37759" + }, + { + "name": "IC63581", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63581" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4806.json b/2009/4xxx/CVE-2009-4806.json index 8691156037f..8e53477d120 100644 --- a/2009/4xxx/CVE-2009-4806.json +++ b/2009/4xxx/CVE-2009-4806.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8130", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8130" - }, - { - "name" : "33983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33983" - }, - { - "name" : "34129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34129" - }, - { - "name" : "documentlibrary-saveuser-security-bypass(49018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "documentlibrary-saveuser-security-bypass(49018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49018" + }, + { + "name": "33983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33983" + }, + { + "name": "8130", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8130" + }, + { + "name": "34129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34129" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4815.json b/2009/4xxx/CVE-2009-4815.json index 3625760815c..4ef8cc02347 100644 --- a/2009/4xxx/CVE-2009-4815.json +++ b/2009/4xxx/CVE-2009-4815.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.serv-u.com/releasenotes/", - "refsource" : "CONFIRM", - "url" : "http://www.serv-u.com/releasenotes/" - }, - { - "name" : "37414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37414" - }, - { - "name" : "37847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37847" - }, - { - "name" : "ADV-2009-3595", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3595" - }, - { - "name" : "fileserver-unspecified-info-disclosure(54932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37414" + }, + { + "name": "37847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37847" + }, + { + "name": "fileserver-unspecified-info-disclosure(54932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932" + }, + { + "name": "http://www.serv-u.com/releasenotes/", + "refsource": "CONFIRM", + "url": "http://www.serv-u.com/releasenotes/" + }, + { + "name": "ADV-2009-3595", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3595" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2087.json b/2012/2xxx/CVE-2012-2087.json index d5862db5085..f7dac0d790c 100644 --- a/2012/2xxx/CVE-2012-2087.json +++ b/2012/2xxx/CVE-2012-2087.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2087", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2087", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2519.json b/2012/2xxx/CVE-2012-2519.json index b3919d8b46f..18ff8984454 100644 --- a/2012/2xxx/CVE-2012-2519.json +++ b/2012/2xxx/CVE-2012-2519.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka \".NET Framework Insecure Library Loading Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074" - }, - { - "name" : "TA12-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15520", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15520" - }, - { - "name" : "1027753", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027753" - }, - { - "name" : "51236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka \".NET Framework Insecure Library Loading Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15520", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15520" + }, + { + "name": "TA12-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" + }, + { + "name": "MS12-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074" + }, + { + "name": "51236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51236" + }, + { + "name": "1027753", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027753" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2835.json b/2012/2xxx/CVE-2012-2835.json index eb6a4b7bf4f..db7ddfce0d5 100644 --- a/2012/2xxx/CVE-2012-2835.json +++ b/2012/2xxx/CVE-2012-2835.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2835", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2835", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6389.json b/2012/6xxx/CVE-2012-6389.json index 1bfef90fd9a..0cc4ff3fe1a 100644 --- a/2012/6xxx/CVE-2012-6389.json +++ b/2012/6xxx/CVE-2012-6389.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6389", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6389", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6471.json b/2012/6xxx/CVE-2012-6471.json index ed677740042..a846737c869 100644 --- a/2012/6xxx/CVE-2012-6471.json +++ b/2012/6xxx/CVE-2012-6471.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/unified/1212/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unified/1212/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1040/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1040/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/unified/1212/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unified/1212/" + }, + { + "name": "http://www.opera.com/support/kb/view/1040/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1040/" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6569.json b/2012/6xxx/CVE-2012-6569.json index 5abd246c29b..597b6efdf1d 100644 --- a/2012/6xxx/CVE-2012-6569.json +++ b/2012/6xxx/CVE-2012-6569.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6625.json b/2012/6xxx/CVE-2012-6625.json index afa0205d622..9a43d34c0da 100644 --- a/2012/6xxx/CVE-2012-6625.json +++ b/2012/6xxx/CVE-2012-6625.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html" - }, - { - "name" : "http://wordpress.org/extend/plugins/forum-server/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/forum-server/changelog/" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/532918", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/532918" - }, - { - "name" : "53530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/extend/plugins/forum-server/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/forum-server/changelog/" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/532918", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/532918" + }, + { + "name": "53530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53530" + }, + { + "name": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1435.json b/2015/1xxx/CVE-2015-1435.json index 50f6a6b62d7..74b7e5575c7 100644 --- a/2015/1xxx/CVE-2015-1435.json +++ b/2015/1xxx/CVE-2015-1435.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150211 Multiple Vulnerabilities in my little forum", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534681/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23248", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23248" - }, - { - "name" : "http://mylittleforum.net/forum/index.php?id=8182", - "refsource" : "CONFIRM", - "url" : "http://mylittleforum.net/forum/index.php?id=8182" - }, - { - "name" : "72582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72582" - }, - { - "name" : "mylittleforum-cve20151435-xss(100856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150211 Multiple Vulnerabilities in my little forum", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534681/100/0/threaded" + }, + { + "name": "72582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72582" + }, + { + "name": "mylittleforum-cve20151435-xss(100856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100856" + }, + { + "name": "http://mylittleforum.net/forum/index.php?id=8182", + "refsource": "CONFIRM", + "url": "http://mylittleforum.net/forum/index.php?id=8182" + }, + { + "name": "http://packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23248", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23248" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1452.json b/2015/1xxx/CVE-2015-1452.json index a4e898518f0..67877222a1c 100644 --- a/2015/1xxx/CVE-2015-1452.json +++ b/2015/1xxx/CVE-2015-1452.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150129 Fortinet FortiOS Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/125" - }, - { - "name" : "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf", - "refsource" : "MISC", - "url" : "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf" - }, - { - "name" : "http://www.fortiguard.com/advisory/FG-IR-15-002/", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/FG-IR-15-002/" - }, - { - "name" : "72383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72383" - }, - { - "name" : "61661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150129 Fortinet FortiOS Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/125" + }, + { + "name": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf", + "refsource": "MISC", + "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf" + }, + { + "name": "http://www.fortiguard.com/advisory/FG-IR-15-002/", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/FG-IR-15-002/" + }, + { + "name": "61661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61661" + }, + { + "name": "72383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72383" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1513.json b/2015/1xxx/CVE-2015-1513.json index 4377ee57eb5..f1f1baabab3 100644 --- a/2015/1xxx/CVE-2015-1513.json +++ b/2015/1xxx/CVE-2015-1513.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/130194/SIPhone-Enterprise-PBX-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130194/SIPhone-Enterprise-PBX-SQL-Injection.html" - }, - { - "name" : "siphonepbx-username-sql-injection(100582)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130194/SIPhone-Enterprise-PBX-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130194/SIPhone-Enterprise-PBX-SQL-Injection.html" + }, + { + "name": "siphonepbx-username-sql-injection(100582)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100582" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1609.json b/2015/1xxx/CVE-2015-1609.json index c33be4c94bd..e7e82992ae1 100644 --- a/2015/1xxx/CVE-2015-1609.json +++ b/2015/1xxx/CVE-2015-1609.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.mongodb.org/browse/SERVER-17264", - "refsource" : "CONFIRM", - "url" : "https://jira.mongodb.org/browse/SERVER-17264" - }, - { - "name" : "http://www.splunk.com/view/SP-CAAAPC3", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAPC3" - }, - { - "name" : "FEDORA-2015-4003", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152493.html" - }, - { - "name" : "FEDORA-2015-4197", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153690.html" - }, - { - "name" : "GLSA-201611-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-13" - }, - { - "name" : "1034466", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-4003", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152493.html" + }, + { + "name": "GLSA-201611-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-13" + }, + { + "name": "http://www.splunk.com/view/SP-CAAAPC3", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAPC3" + }, + { + "name": "1034466", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034466" + }, + { + "name": "FEDORA-2015-4197", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153690.html" + }, + { + "name": "https://jira.mongodb.org/browse/SERVER-17264", + "refsource": "CONFIRM", + "url": "https://jira.mongodb.org/browse/SERVER-17264" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1681.json b/2015/1xxx/CVE-2015-1681.json index 3768d62bb55..ced8c146ef9 100644 --- a/2015/1xxx/CVE-2015-1681.json +++ b/2015/1xxx/CVE-2015-1681.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka \"Microsoft Management Console File Format Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-054" - }, - { - "name" : "74486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74486" - }, - { - "name" : "1032286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka \"Microsoft Management Console File Format Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74486" + }, + { + "name": "1032286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032286" + }, + { + "name": "MS15-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-054" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5102.json b/2015/5xxx/CVE-2015-5102.json index b8a76a032b6..11bdcb106bc 100644 --- a/2015/5xxx/CVE-2015-5102.json +++ b/2015/5xxx/CVE-2015-5102.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75740" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75740" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5160.json b/2015/5xxx/CVE-2015-5160.json index f1d7b69eeb5..8ddb44333c4 100644 --- a/2015/5xxx/CVE-2015-5160.json +++ b/2015/5xxx/CVE-2015-5160.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170721 [OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/07/21/3" - }, - { - "name" : "https://bugs.launchpad.net/ossn/+bug/1686743", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ossn/+bug/1686743" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245647", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245647" - }, - { - "name" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0079", - "refsource" : "CONFIRM", - "url" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0079" - }, - { - "name" : "RHSA-2016:2577", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2577.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.openstack.org/wiki/OSSN/OSSN-0079", + "refsource": "CONFIRM", + "url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0079" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245647" + }, + { + "name": "RHSA-2016:2577", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2577.html" + }, + { + "name": "https://bugs.launchpad.net/ossn/+bug/1686743", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ossn/+bug/1686743" + }, + { + "name": "[oss-security] 20170721 [OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/07/21/3" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5491.json b/2015/5xxx/CVE-2015-5491.json index e823f43ad34..a010b787240 100644 --- a/2015/5xxx/CVE-2015-5491.json +++ b/2015/5xxx/CVE-2015-5491.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the \"administer ddblock\" permission." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" - }, - { - "name" : "https://www.drupal.org/node/2484157", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2484157" - }, - { - "name" : "https://www.drupal.org/node/2504965", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2504965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the \"administer ddblock\" permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2484157", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2484157" + }, + { + "name": "https://www.drupal.org/node/2504965", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2504965" + }, + { + "name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5849.json b/2015/5xxx/CVE-2015-5849.json index d278a60d518..1b739757cea 100644 --- a/2015/5xxx/CVE-2015-5849.json +++ b/2015/5xxx/CVE-2015-5849.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11001.json b/2018/11xxx/CVE-2018-11001.json index 189a1eeccd5..2ced76dfc24 100644 --- a/2018/11xxx/CVE-2018-11001.json +++ b/2018/11xxx/CVE-2018-11001.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11001", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11001", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11174.json b/2018/11xxx/CVE-2018-11174.json index af7eeb9342c..74e25edefe9 100644 --- a/2018/11xxx/CVE-2018-11174.json +++ b/2018/11xxx/CVE-2018-11174.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11444.json b/2018/11xxx/CVE-2018-11444.json index 16ee6a64e24..5b7a0dafa68 100644 --- a/2018/11xxx/CVE-2018-11444.json +++ b/2018/11xxx/CVE-2018-11444.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL Injection issue was observed in the parameter \"q\" in jobcard-ongoing.php in EasyService Billing 1.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44765", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44765/" - }, - { - "name" : "https://gist.github.com/NinjaXshell/4c0509096cb4ec6543b3f8050369920c", - "refsource" : "MISC", - "url" : "https://gist.github.com/NinjaXshell/4c0509096cb4ec6543b3f8050369920c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL Injection issue was observed in the parameter \"q\" in jobcard-ongoing.php in EasyService Billing 1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/NinjaXshell/4c0509096cb4ec6543b3f8050369920c", + "refsource": "MISC", + "url": "https://gist.github.com/NinjaXshell/4c0509096cb4ec6543b3f8050369920c" + }, + { + "name": "44765", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44765/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11712.json b/2018/11xxx/CVE-2018-11712.json index 467ff896ba7..056c79ed690 100644 --- a/2018/11xxx/CVE-2018-11712.json +++ b/2018/11xxx/CVE-2018-11712.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=184804", - "refsource" : "MISC", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=184804" - }, - { - "name" : "https://trac.webkit.org/changeset/230886/webkit", - "refsource" : "MISC", - "url" : "https://trac.webkit.org/changeset/230886/webkit" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "https://trac.webkit.org/changeset/230886/webkit", + "refsource": "MISC", + "url": "https://trac.webkit.org/changeset/230886/webkit" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=184804", + "refsource": "MISC", + "url": "https://bugs.webkit.org/show_bug.cgi?id=184804" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11850.json b/2018/11xxx/CVE-2018-11850.json index 459ddd74351..064957d61e1 100644 --- a/2018/11xxx/CVE-2018-11850.json +++ b/2018/11xxx/CVE-2018-11850.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15576.json b/2018/15xxx/CVE-2018-15576.json index 9423cdd5d21..b2a03957ccd 100644 --- a/2018/15xxx/CVE-2018-15576.json +++ b/2018/15xxx/CVE-2018-15576.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45227", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45227/" - }, - { - "name" : "http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Execution.html" + }, + { + "name": "45227", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45227/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3017.json b/2018/3xxx/CVE-2018-3017.json index 18c2f3cdd1f..134d55302b4 100644 --- a/2018/3xxx/CVE-2018-3017.json +++ b/2018/3xxx/CVE-2018-3017.json @@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CRM Technical Foundation", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104833" - }, - { - "name" : "1041309", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041309", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041309" + }, + { + "name": "104833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104833" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3427.json b/2018/3xxx/CVE-2018-3427.json index c951a7b8348..e511a3edcde 100644 --- a/2018/3xxx/CVE-2018-3427.json +++ b/2018/3xxx/CVE-2018-3427.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3427", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3427", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3589.json b/2018/3xxx/CVE-2018-3589.json index 669bf532939..81a930d2a37 100644 --- a/2018/3xxx/CVE-2018-3589.json +++ b/2018/3xxx/CVE-2018-3589.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-3589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9650, MDM9655, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in RFA" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-3589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9650, MDM9655, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in RFA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3599.json b/2018/3xxx/CVE-2018-3599.json index 184727591b2..efe265097f7 100644 --- a/2018/3xxx/CVE-2018-3599.json +++ b/2018/3xxx/CVE-2018-3599.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-3599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-3599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7529.json b/2018/7xxx/CVE-2018-7529.json index eff30ad3c91..675efb1d8b8 100644 --- a/2018/7xxx/CVE-2018-7529.json +++ b/2018/7xxx/CVE-2018-7529.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-7529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OSIsoft PI Data Archive", - "version" : { - "version_data" : [ - { - "version_value" : "OSIsoft PI Data Archive" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-502" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-7529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSIsoft PI Data Archive", + "version": { + "version_data": [ + { + "version_value": "OSIsoft PI Data Archive" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02" - }, - { - "name" : "103399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02" + }, + { + "name": "103399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103399" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8365.json b/2018/8xxx/CVE-2018-8365.json index a7a1b415ea3..b04134c5fe9 100644 --- a/2018/8xxx/CVE-2018-8365.json +++ b/2018/8xxx/CVE-2018-8365.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file